Secure Data Erasure For Data Center Decommissioning

This article explores the process of data center decommissioning and cites the importance of software-based data erasure during this process. It enlists the various ways in which overwriting data can help an organization to ensure data security and prevent data breach during data center decommissioning.

A data center is a facility where organizational computing systems, servers, and associated components, such as network and storage devices are located. Data center decommissioning is the practice of dismantling computing systems and hardware for disposal, recycling, relocation or reuse as the data is transferred to the upgraded servers. Decommissioning a data center is as difficult as installing one and given the sensitive nature of organizational data, the decommissioning process requires thorough planning and careful execution.

While retiring IT Assets in a data center, follow a quick checklist of items as listed below:

Data Center Decommissioning Checklist:

• Prepare Scope of Work
  • Document a list of devices to be dismantled: computers, servers, hard drives, cables and other data center equipment.
  • Identify and asset tag devices that need to be recycled, or re-used.
• Take Backups and ensure Software Licenses for servers are in place
  • Ensure all necessary data and power backup systems are in place.
  • Locate and Keep all software licenses for servers handy.
• Planning for Decommissioning
  • Create an Implementation plan defining roles of the person responsible for the decommissioning process and activities to be performed at different time intervals.
  • List down vendors that you may need to support the process of dismantling.
  • Cancel all maintenance contracts for servers, if any.
  • Arrange necessary tool for decommissioning including forklifts, tip guards, hoists, data erasure tools, degaussers etc.
• Dismantling and Data Sanitization
  • Dismantle the servers. Choose the right destruction method – erase, degauss or shred depending upon the reuse requirement.
  • For data sanitization, connect the storage media to permanently wipe redundant data with professional data erasure tools.

Role of Data Erasure in Data Center Decommissioning

Retiring of Data Center is not just about dismantling and removing the IT hardware. It is also about maintaining data security at all levels. Absence of Data protection during removal process of redundant hardware may lead to hackers gain access to data at rest and misuse sensitive information causing data breaches. It is thus imperative to completely sanitize and destruct data during the decommissioning process. Morgan Stanley data breach is a classic example of how ignoring due diligence in data center decommissioning can lead to data breach and subsequent penalties worth millions of dollars.  Also, outdated systems and equipment do not come with the latest features and security updates. Thus, IT assets at the end-of-life possessing sensitive data can be breached if proper care is not taken to dispose them. This may ultimately lead to data breach lawsuits and loss of the company’s reputation.
Secure data erasure during data center decommissioning can be helpful in more than one ways.

• Facilitates On-site Data Destruction

  During decommissioning process, data erasure helps in wiping unwanted data from drives and servers at the company’s own facility either through a vendor or by the company itself. The advantage of on-site data destruction is that data and device exchange very few hands and the process can be witnessed by concerned  at company’s facility. When you plan to opt for secure data erasure, ensure your data erasure tool or your service provider complies with prominent standards like NIST 800-88 (National Institute for Standards and Technology) and DoD 5220.22-M (U.S. Department of Defense).

• Ensures Efficiency & Security

  Ensuring data security throughout the data lifecycle is critical and software-based data erasure ensures secure and permanent wiping of all your sensitive data beyond retrieval even in a laboratory setting.  You can achieve media sanitization across all your data center IT Assets with data erasure, whether it is your redundant hard drives, solid-state drives, servers, virtual machines or logical storage area networks. Software-based data erasure produces a 100% tamper-proof report for every erasure performed to ensure that wiping was successfully done.

• Helps in Meeting Compliance

  Organizations are obligated by law like EU-GDPR, CCPA, SOX, HIPAA etc. to include data destruction as a part of their IT Asset management policy. Modern data protection laws demand secure data destruction that leaves no traces behind. Use of a certified and professional data erasure tool like BitRaser is recommended as it helps in ensuring compliance with these global data protection legislation by destroying information securely and generating auditable reports.  In case third-party vendor is involved in decommissioning, organizations should demand use of certified and reliable data sanitization tool.

• Offers Documented Evidence of Wiping (Audit Trails)

  Software-based erasure produces certificate of destruction for every instance of wiping. It acts as an audit trail for the complete data erasure process. The Certificate helps an organization prove that it has securely destroyed the data. It also promotes trust towards the third-party vendor performing media sanitization during data center decommissioning on behalf of your organization. When data is securely wiped, it eliminates all possibilities of data getting compromised or breached.

• Encourages Responsible Recycling
  Data erasure or overwriting is an eco-friendly approach towards media sanitization as it ensures that the storage device is available to be reused, repurposed or recycled. A professional wiping tool thus is a sustainable approach towards decommissioning IT assets in a data center as it reduces e-waste. Unlike physical destruction for device disposal, data sanitization is an eco-friendly approach of erasing every trace of information from the device and allows further reuse and recycling of the device.

Data Erasure: Integral Part of Data Center Commissioning Services

Data erasure forms an integral part of data center decommissioning services as it deals with the most important element of a data center i.e. its sensitive data. The absence of right data destruction policy and any ignorance in ensuring due diligence in the disposal of sensitive information may lead to data leakage and breach. This can not only cost huge penalties and loss of reputation to the organization but also hampers business-critical work and loss of customer trust. It is thus pivotal for every organization to ensure that it either deploys a professional and certified data erasure tool or hires a third-party vendor that uses these certified software and generates certificate for every wiping executed.

FAQs