The move to solid state drives

According to Gartner, 2017 is the year that revenue from enterprise sales of SSDs (solid state drives) will surpass that of HDDs (hard disk drives).

However, according to a new study from Blancco Technology Group, many IT professionals widely misunderstand the way that these drives write and delete files, with 64% failing to identify the correct definition of ‘data sanitisation’.

The study has produced revealing findings that potentially indicate why data breaches are so commonplace amongst modern organisations.

Regulations and guidelines are already in place, so it’s the job of government and industry to promote and enforce them.

>See also: 5 surprising mistakes that will fry your computer

In recent years, a growing number of data breaches have resulted from the improper data removal and insecure storage of drives.

To educate businesses on the importance of proper data management and security, Blancco Technology Group today released the findings of the Security Limitations of SSDs research study, which revealed that organisations face a myriad of internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from solid state drives (SSDs).

According to over 300 IT professionals surveyed in the United States, Canada, Mexico, United Kingdom, France, Germany, India, Japan and China, 62% of organisations believe encryption is sufficient to protect data from being accessed or breached.

On top of this, 70% said they rely on encryption to prevent data loss/theft from SSDs and 35% reformat the drives.

Moreover, when IT assets containing SSDs hit their end-of-life and are ready to be disposed of, recycled or resold, over half (56%) of organisations either send them to IT asset disposition vendors/recyclers to erase the data or outsource the task to an IT security consultant.

>See also: Enterprise storage in 2017: trends and challenges

Worryingly organisations prioritise efficiency and cost over data security when selecting IT asset disposition vendors/recyclers.

49% of those surveyed consider efficiency and cost to be the most important factors when selecting an IT asset disposition vendor. Yet, only 16% factor in the vendor’s ability to permanently remove all data and 13% prioritise certifications and recommendations from governing bodies and institutions into their decision-making process.

“Our study’s findings underscore the difficulty many organisations face with managing, storing and protecting data on SSDs and are symptomatic of a larger data security problem,” said Richard Stiennon, chief strategy officer of Blancco Technology Group.

“Many organisations and individuals place a great deal of their trust and reliance in encryption and reformatting to prevent data loss/theft from SSDs and minimise their exposure to a potential data breach. But there are certain data security challenges with encryption that are often overlooked when it comes to protecting data stored on SSDs.”

“We know from our own analysis of 200 used drives purchased from eBay and Craigslist that reformatting of SSDs could result in various types and amounts of personal and corporate information being left exposed and recovered. Organisations cannot afford to be lax in how they manage and erase SSDs – or they could find themselves hit by a data breach.”

>See also: 5 most common ways businesses lose data

One such example is the recent data breach that hit health insurer Centene. In January 2016, the health insurer lost six hard drives that were part of a data project using laboratory results to improve the health outcomes of members.

The missing drives contained the health information for 950,000 beneficiaries and included individuals’ names, dates of birth, social security numbers and member ID numbers.

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...