♦ In a practice many experts would describe as “killing a fly with a nuclear bomb”, many of the world’s largest tech companies have been found to be destroying thousands of storage devices every year in order to stay compliant with data protection regulations.
♦ According to the Financial Times, both Amazon and Microsoft (2 of the world’s biggest data center operators) would rather physically destroy every piece of data-bearing hardware they no longer plan on using, than risk data leaks by wiping the devices clean and selling them on the secondary market.
♦ It’s not just data center operators, though, as public sector organizations, various ministries, police departments, and many others are all reportedly opting for the physical destruction of the gear, for the same reasons.
♦ Wiping the endpoints clean, and selling them on the secondary markets, has multiple benefits, and very little risk – if done properly.
◽ Some of the materials used to create data storage units are hard to come by.
◽ What’s more, refurbished gear is no longer significantly underperforming compared to new gear, so it makes sense on the performance front, as well.
◽ And obviously – it’s cheaper and “greener”.
♦ But experts must be brought in, otherwise, the potential for disaster is quite great.
◽ A good example of bad practice came from Morgan Stanley, which was fined last month after contracting an inexperienced company to handle hard drive decommissioning.
◽ Instead of properly wiping the disks, the contractor sold the devices online with the data still on them, triggering a painful reaction from the U.S. Securities and Exchange Commission.
Morgan Stanley has paid $163 million so far in fines & lawsuits.
I’ve been posting on this topic for the last 3+ years while working with NextUse, 1 of the 3 best-certified data security-specialized ITAD vendors in the US, and 1 of the 6 best in the world.
I’ve shared links to articles by the National Security Agency saying that professionally done one-pass overwriting and verification of every sector on a drive makes the data permanently irretrievable, and yet continuously get comments under my ITAD posts that “physical destruction is the only sure way”, even though there are also published studies from the intelligence community that show that data can be retrieved from pieces of shredded drives that were not degaussed first.
I can tell you from plenty of first-hand experience that those opinions are shared by top decision makers at some of the world’s largest users of data storage tech, in direct opposition to the financial, environmental, and geopolitical benefits of overwriting and reselling.