Summary: Dark data and its potential have remained at the forefront of discussions, but the dangers associated with dark data are all too real to ignore. Dark data, like structured data, is costly to store, poses risks of leakage, and is threatened by cyber-attacks. Still, it’s not taken into consideration when devising data destruction policies. The blog will explore dark data, its risks, and the importance of data destruction in helping safeguard against those risks.
Eric Schmidt (Ex. CEO of Google) claimed in 2010, “There were 5 Exabytes of information created between the dawn of civilization through 2003, but that much information is now created every two days.” The underlying message was clear we are generating humongous amounts of data, growing at breakneck speed. Interestingly, as per IDC (International Data Corporation), 90% of this data comprises dark and unstructured data. Dark data has enormous potential, per IT leaders, but for most businesses, the focus is only on deriving value from structured data. This massive reservoir of idle unsecured data taking up incredible amounts of storage has the potential to become either a significant asset or a huge liability.
What is Dark Data?
Dark data is information collected and stored by businesses not being utilized for business purposes. Dark data for every industry can be categorized differently, but anything sent over the internet can potentially become dark at some point. A few examples of dark data:
- Geolocation tagging data
- Raw data from surveys
- Recorded Customer calls
- Old emails and their attachments
- Completed or discarded market campaigns
- Surveillance footage from video feeds
- Old documents
- Past employee records
- Web content that has been archived
- Multiple copies of the same data
Moreover, IoT devices collect a lot of data, but it doesn’t have any particular business utilization. The initial impetus behind collecting this data was to gather some value from it, or it was gathered as a broad-based information-gathering exercise when dealing with customers. Over a period of time, the most valuable data will become obsolete and turn into dark data. Unless businesses have clear and defined policies regarding data retention and disposal that addresses dark data handling, it will continue to be risky to store dark data.
What are the Risks & Threats of Dark Data?
The existence of dark data in storage systems poses several challenges to businesses. Therefore, understanding them can be the key to formulating policies to safeguard against the risks arising from the said challenges:
Data Security Non-Compliance: Data regulatory and privacy laws mandate organizations to handle data securely at all times, including at rest or dark data. Leakage of the sensitive information stored in dark data can be detrimental for an organization if the information is compromised in any form, thus making businesses non-compliant. Furthermore, in some adverse cases, there could be legal and financial implications for non-compliance with laws and regulations, leading to a loss of reputation and affecting the brand image.
Compromise Business Information: Dark data may contain direct information or pointers to information that is proprietary, strategic, business research, partnership modules, or operations; their accidental disclosure may lead to loss of business value and investor trust.
Increased TCO: The Total cost of ownership (TCO), which includes backup, accessibility, and readiness, would increase drastically with dark data using up large amounts of storage space. This cost is a liability without any foreseeable utilization. It is estimated that the cost for 1 TB of data can be above $3000/Year.
Environmental Risk: Data centers require a lot of energy to store data. IEA (International Energy Agency) estimates put the requirement of data centers at 1% of the global electricity output and are expected to rise to 1/5 of the world’s power supply by 2025. Dark data takes up lots of storage and significantly contributes to worldwide carbon emissions adding to global warming.
Opportunity Loss: Data collection costs money, and if the data is not utilized or underutilized, it is a loss of opportunity for businesses.
Businesses don’t have the technology, understanding, and resources to unravel value from dark data, so they should undertake steps to ensure that this data is destroyed promptly before it converts the above risks into reality.
How Data Destruction Helps Mitigate Dark Data Risks?
Dark data may contain sensitive information, which, if compromised, can lead to financial, legal, and brand reputation loss. These risks must be mitigated by formulating a comprehensive data destruction policy that covers dark unstructured data destruction. As discussed in previous articles, Data destruction is defined as a process of removing data from storage devices permanently, making it irrecoverable. Data Destruction can be achieved in various ways, but we recommend using an overwriting software like BitRaser that is NIST approved and can help meet compliance with global laws and regulations.
How can BitRaser help Destroy Dark Data?
Permanent Wiping: An overwriting software will use pseudorandom binary 1s and 0s to overwrite the data in all sectors of the storage device. Overwriting ensures that data is permanently removed from the device and cannot be recovered even in a forensic lab setting.
Verification: Once the data is overwritten, the software runs a verification swipe to ensure that the data has been removed; this ensures that all the sectors targeted for wiping have been wiped and no remnants of dark data remain on those sectors. It also covers hidden disk areas such as HPA, DCO & remapped sectors.
Data Wiping Standards: BitRaser software is tested and approved by NIST. It supports the NIST 800-88 standard and 23 other international standards like DoD 3 & & Pass.
Compliance: Data destruction is a prominent component of global data privacy and protection laws and regulations like GDPR, CCPA, HIPAA, SOX, ISO 27001, etc., and using BitRaser helps businesses remain compliant with these laws.
Proof of Destruction: The software generates erasure reports stored on an easily accessible cloud repository helping companies with audits and compliances.
Data destruction ensures that dark data is permanently wiped from all storage devices like SSDs, HDDs, PCs, USBs, servers, etc., making it easier for businesses to implement it across the organization. In addition, the risks associated with dark data are mitigated once the data is destroyed.
Businesses are inherently attracted to retaining dark data due to its perceived value and acquisition costs. It remains the most significant factor that compels them to retain this data for long durations without a plan or idea of how they will utilize it. The value of dark data cannot be denied, but the effort required in human resources, technology, money, and energy to gather something actionable from it so far remains unfeasible. The risks associated with dark data outweigh the benefits pointing firmly toward destroying it rather than retaining it over time. The prudent choice for businesses would be to have dark data destruction as part of their data disposal policy, and it should be a scheduled feature in data lifecycle management.