Abstract:
The stockpiling of HDDs and other data storage devices remains a burden on many organizations. The potential liability and losses from inadvertent disclosures can be devastating to any business. While there are numerous methods for destroying media, the type of destruction depends on the required level of security, resources, and logistics. In many cases, destruction by cutting the media into fragments small enough that meaningful media cannot be easily extracted at the source of decommissioning is warranted.
Providing organizations with destruction equipment as close as possible to the point at which old data storage media are taken out of service, such as in a server rack in a data center, empowers them to maintain full life cycle stewardship over their sensitive data. More importantly, in-house destruction eliminates the risk of handing the media over to a third-party contractor for destruction and recycling or indefinitely stockpiling them on-site.
Often, recycled media are surreptitiously repurposed and sold online with sensitive data still intact. This document proposes an innovative in-house data destruction solution that is a safer and more cost-effective alternative than using a 3rd party service.
Problem statement:
Businesses throughout the world are storing data on drives that contain highly sensitive information without protocol or simple means of expeditious on-site destruction. The same holds true for data center operators struggling to find a solution to securely destroy end-of-life media.
Those massive volumes are becoming increasingly unmanageable. Keeping this vast volume of data secure becomes extremely difficult because of the enormous amount of data vulnerable to theft, compromise, and lack of oversight of inventory control.
Options are available for on-site destruction and alternatively contracting out to a third party for off-site destruction or recycling. The latter carries a significant risk of data being hacked or pirated once the media leaves the ownership of your business. Data breaches can bring fines in the hundreds of millions of dollars and ruin a company’s reputation.
Compliance and Risk:
Regulations and legislation regarding data handling and destruction are getting more stringent. That’s more so for organizations handling:
- Classified information, controlled unclassified information (CUI)
- Personally identifiable information (PII)
- Sensitive but unclassified information (SBU), or
- Information for official use only (FOUO)
IT governance discovered 1,243 security incidents in 2021, which resulted in a total of 5,126,930,507 breached records. That figure marks an 11% increase in security incidents compared to 2020. Also of interest, the average per record (per capita) cost of a data breach increased by 10.3% from 2020 to 2021.
After a cyberattack in 2021 exposed more than 100 million users’ personal information, T-mobile agreed to a $350 Million settlement in July. More recently, Morgan Stanley was fined $35 Million for failing to properly dispose of devices containing customers personal information. According to the SEC, Morgan Stanley disposed of thousands of hard drives and servers via a moving and storage company with no prior experience in data destruction.
In addition to financial penalties and reputational hazards, there is risk to individual executives as well if they fail to be transparent about any breaches, as seen in the recent guilty verdict of a former Uber CISO who is now facing severe personal consequences.
Economic Analysis:
The cost of destroying a hard drive can vary from $5 to $25 depending on factors such as volume and certification required. Other devices, such as solid state drives and switches, are costlier.
For this exercise, we will assume a moderate cost of $15 per drive destroyed.
Low Volume Media Destruction: The cost of a MediaVise® Compact HDD is $6,495. At $15 per drive, the break-even point is 433 drives.
Enterprise-Level Media Destruction: The cost of a MediaVise® High Thru-Put SSD Destroyer is $39,995. At $15 per drive, the break-even point is 2,666 drives.
Data Center Level Destruction: The cost of a Mediadice® SSD Disintegrator-2C is $61,595. At $15 per drive, the break-even point is 4,106 drives.
The numbers above show that contingent on the volume of drives needed to be destroyed, Phiston Technologies carries a cost-effective product that would show a positive ROI over time.
The Phiston Advantage:
As of 2022, Phiston has 13 products in the market.
Phiston dominates the information security market for media destroyers that:
- Are commercial grade, powerful, and rugged, yet portable, safe, and simple to operate
- Are designed to meet industry standards for media destruction and or media sanitization
- Meet stringent regulatory standards for worker health and safety, workplace air and noise quality, and waste containment and disposal
- Will not contaminate or adversely impact the pristine operating environment of computer data centers and other clean rooms.
Phiston Technologies meets the high-security media destruction challenges of some of the largest companies in the world, including many in “Big Tech.” Phiston has experience in many diverse industries, including homeland security, military, aerospace, law enforcement, finance, education, transportation, social media, aviation, legal, medical, and retail.
Our devices are deployed across all 50 states and 51 different countries, including both government and private sectors.
Conclusion:
The US Census Bureau reports that over 57 million businesses are operating in the USA alone. With data piracy on the rise, data stewardship, particularly over financial and personally identifiable information, has become a defining success factor for businesses worldwide, and careless, preventable breaches have decimated company reputations.
In evaluating the options of having an on-site data destruction device compared to using a 3rd party service, the economic analysis shows the cost benefits of a one-time purchase. Additional benefits include the risk reduction of sensitive data leaving the site and being pirated or “lost”.
Phiston Technologies is the industry leader in on-site data destruction and can work with any organization to ensure a secure end-to-end process.