Effective Data Erasure Management
Mobile Erasure
Regulatory Concerns
Company news Product info
Page 2
Page 3
Page 3
Page 4
issue 1, March 2013 This magazine is published by Blancco Oy Ltd. Copyrights 2013 Blancco Oy. All rights reserved.
Quantity of global digital data
2020
40 ZB
5,247GB
of data for every person on the planet
2015
40 %
7.91ZB
of this information will require some kind of data protection.
2012 2.72 ZB 2010
1,23 ZB
Considerations of SSD Data Erasure With
huge
last year (39 million), rising to 239 million
is able to apply modern erasure standards,
erasure by accessing various approaches to
increase in the amount of data, the
predictions
expecting
a
units in 2016 (40% of the HDD market).
ascertain third party software endorsements,
sanitization, offering greater assurance of
handling of storage assets will become
Subsequent research3 shows a decline in
and invest in research and development
security and fully auditable results. Together
more important than ever.
The latest
the use of desktop PCs and an increase
processes. SSDs contain internal controller
with a centralized management console
research performed by IDC1 has further
in mobile computing technologies which
chips with advanced software modules that
and enhanced verification and reporting
revised their prediction for the size
use solid state storage technology. Hybrid
are required to prolong the performance
techniques, advanced data erasure can
of the data universe by 2020, adding
technologies, storage arrays and other
and lifespan of the drive. These “undercover�
determine the best course of action for an
another 5 Zettabytes (ZB), indicating a 50x increase from 2010 and 5,247GB of data for every person on the planet. They also predict that 40% of this information will require some kind of data protection. The danger, as highlighted by IDC, is that data protection levels are not keeping pace with the volumes of data that require protection.
flash memory is becoming more significant. Extensive SSD vendors offer a variety of SSD models so it is not possible to assume that the behavior of one SSD will match the next. Given the
Flash memory has enabled Solid State
rise of SSDs, standardization
Drives (SSDs) to become more widely used
of the elements of SSD
although Hard Disk Drives (HDDs) are still
technology has not taken
the dominant choice in the laptop, PC and
place. Physical and logical
server market. However, recent research
are
SSD. It is essential that the tool is developed
from
by an organization with an understanding of
operating
the caveats involved with this technology,
operations
applications all mean that
The secure handling of SSDs in an asset’s lifecycle is important as human error, application of ineffective software or flawed recommendations could land an organization in legal trouble and or with a huge fine.
hidden the
also
thus ensuring that the necessary steps
the
user.
Options
toward compliance and secure handling of
for
data
erasure
data are not overlooked.
of
SSDs
include
system
and
reformatting,
High profile data breaches have resulted in
physical destruction
many countries adopting data protection
of
legislation and many groups of industries
devices,
cryptographic
have their own regulations. These legal
erasure,
firmware
and industry requirements mean that data
based erasure and
security is obligatory for organizations
differences between the Solid State Drive
overwriting all of which have risks as data
including the lifecycle management of
from IHS iSuppli2 predicts that consumer
and the mechanical hard disk drive (HDD)
may still be retrievable.
storage assets. Current EU data protection
and enterprise SSD shipments are expected
must be considered when erasing SSDs.
to be around 83 million units this year,
Key elements that support the SSD erasure
Advanced
solutions
implement technical measures to protect
more than a 100% increase of drives sold
process are use of an erasure company that
enable a user to extend the security of data
personal data. The secure handling of SSDs
directives mean that organizations must erasure
software
2
Data Erasure news
CEO news CEO and Co-Founder Kim Väisänen
Finland
requirements in data security so secure
in an asset’s lifecycle is important as human
agency such as the UK-based Asset Disposal
data erasure is becoming more challenging
error, application of ineffective software
& Information Security Alliance (ADISA) to
for organizations to securely manage data
or flawed recommendations could land
offer third-party assurance that data has
erasure processes for equipment they want
an organization in legal trouble and or
been wiped to the desired protection level.
to reuse, resell or dispose. We, at Blancco,
with a huge fine. With
have been responding to these challenges Welcome to our first issue of Data Erasure
large
volumes
of
assets,
by developing data erasure technology over
The National Association for Information
the management of SSDs requires not
a 16-year period.
Destruction (NAID) has created a task force
only erasure software that can identify
to standardize and document sanitization
and
News. The purpose of this publication
handle
them
correctly,
but
an
is to offer information to help your
The recent growth of compliance and
on SSDs. Professional data erasure tools that
organization that has invested time in
organization
legislative requirements in data security
claim to erase SSDs should offer some kind
R&D
demonstrate that management of secure
of certification or approval that they are
stipulations of handling SSD technology
data erasure will become even more critical
effective in removing data by a recognized
and erasure. ®
with
its
data
erasure
management process. The digital universe doubles every 18
in the next few years. We look forward to
months while the spectrum of device
supporting your industry’s needs in the
platforms becomes more fragmented, and
decades ahead. ®
there are new compliance and legislative
and
understands
the
unique
1 IDC Digital Universe Study, sponsored by EMC, December 2012 2 Ryan Chien, IHS isuppli: Solid-State Drive Market Revenue Set to more than Double This Year on Renewed Ultrabook Hopes (January 23, 2013) http://www.isuppli.com/Memory-and-Storage/News/Pages/Solid-State-Drive-Market-Revenue-Set-to-more-thanDouble-This-Year-on-Renewed-Ultrabook-Hopes.aspx 3 Fang Zhang, Hard Disk Drive Market Revenue Set for Double-Digit Decline This Year, February 4, 2013, http://www.isuppli.com/ Memory-and-Storage/News/Pages/Hard-Disk-Drive-Market-Revenue-Set-for-Double-Digit-Decline-This-Year.aspx
Effective Data Erasure Management IT management staff face significant challenges including the management
Data erasure offers a software-based approach
hardware, relevant serial numbers and asset
of data security policy given the continued proliferation of data breaches
for overwriting and fully eliminating all
tags, software details for license harvesting,
and identity theft worldwide. A key aspect of such a policy involves defining
electronic information – much of it sensitive or
the erasure method employed and who
confidential in nature – that resides on a hard
performed the erasure.
as well as implementing data erasure procedures for IT equipment that is scheduled for reuse, donation or final disposal. This includes a solution that detects a range of hardware from smartphones to high-end servers, and addresses daily data erasure management as well as the erasure needs through an asset’s entire lifecycle.
drive or other digital media set for disposal or reuse. Erasure reports with detailed hardware
Customers and employees depend on the
specifics are provided as proof of data removal.
security of personal and business information. Failure to effectively erase information upon
Many
data
technologies
protection exist,
and
destruction
the disposal of an IT asset or storage device
physical
may not only result in damage to a brand
including
destruction of devices, degaussing, encryption,
and a company’s image, but could lead to
effectively
portable media, many are less aware of a
re-formatting,
comprehensive
falling stock prices, the loss of customers
implement data erasure, advanced data
more subtle culprit – their own improper
software overwriting approaches, but each
and business partners, and negative press
disposal of IT assets.
has its drawbacks. On the other hand, data
as well. A carelessly discarded hard drive
In
insecure
erasure management with advanced erasure
containing confidential data that has not been
To
help
erasure
efficiently
and
solutions
providing centralized
fact,
and
less
management offer a
Data erasure offers a software-
disposal of IT assets is
technology is the ultimate first line of defense
erased can easily result in identity theft and
fast, automated and
based approach for overwriting
the cause of data loss
in ridding devices of sensitive information. By
expose an organization to bad publicity and
secure way to protect
and fully eliminating all electronic
in 10 percent of cases,
automating complete removal of data with
costly litigation. It can also impact employee
data while helping to
information that resides on a hard
according to a 2010
technology that offers proof in a detailed
turnover and day-to-day business operations
KPMG
International
report, organizations are assured that data is
and internal information security. ®
report1, with serious
protected, without impacting the productivity
implications
of resources and overall operations.
reduce
associated
costs and resource requirements.
drive or other digital media set for disposal or reuse.
Automated features
for
Some reports show that around
corporate reputation
expedite erasure and allow customization of
and from costly fines initiated by increasingly
Tamperproof and verifiable reporting is
erasure and reporting processes to meet an
stringent data protection regulations. Some
an essential part of regulatory compliance
organization’s needs.
reports show that around 40 percent of hard
and legal audits. A data erasure solution
drives reach the secondhand market still
should
While companies often associate the threat
containing sensitive data, including a 2009
reports to provide critical information for the
of data loss with stolen laptops or other
study by Kessler International2.
auditing process such as condition of the
1 KPMG International, “Data Loss Barometer –Insights into Lost and Stolen Information in 2010,” Issue 3, 2010 2 Kessler International, “Is Your Confidential Information Being Sold on eBay?”, February 2009, http://www.investigation.com/press/press75.htm
generate
comprehensive
erasure
40%
of hard drives reach the secondhand market still containing sensitive data.
Data Erasure news
Data Erasure of Mobile Devices Seventy-seven percent of all companies now provide smartphones to some
proof of data removal or find a reputable
includes comprehensive erasure reports that
employees according to a recent survey of companies in the United States
IT asset disposal (ITAD) partner or mobile
provide information for auditing, resale and
and Europe1. Previously, employees with company-issued mobile phones were usually in executive, sales and marketing roles but the bring your own
security purposes.
device recycler who uses such software.
Restoring factory settings
Regardless
of
a
device (BYOD) is re-shaping the business landscape and empowering more
Restoring factory settings
will not ensure that all data
and different types of workers.
will not ensure that all
is permanently destroyed,
a company’s IT asset
data
because the data can still
managers need to
be recovered later.
track the users and
is
permanently
An estimated 1.2 billion smartphones and
Most businesses do not have policies in place
destroyed, because the
tablets will be shipped this year according
to ensure that this data is secure, particularly
data can still be recovered
to Gartner who also predicts that by 2016,
when it comes to decommissioning in the
later. Therefore, erasing
two-thirds of the mobile workforce will own
event a smartphone or tablet is disposed of,
data is a safe and effective way to remove
a smartphone and the devices will contain
reassigned or sent for recycling. To eliminate
this data from a device’s internal and
sensitive corporate, customer or employee
the risk of costly data breaches organizations
external memory. Companies should look
data2.
All of these devices with trillions
must adopt advanced erasure polices
for an advanced data erasure tool that is
of gigabytes of memory may potentially
as a best practice—that include policies
approved as effective in sanitizing data by
contain sensitive corporate, customer or
for mobile device data. They should also
an internationally recognized testing agency
employee data.
implement products providing verifiable
like TUV SUD and should be one that also
device’s ownership,
devices that access company
data
as
part of a secure mobile device policy. ®
Regulatory Concerns for all Data Erasure A number of stringent industry-specific
In Europe, changes in data protection have
protection for consumers,
standards and regulations have emerged
been proposed that revisit rules from the
including a requirement
Sanctions for violations of
server or laptop. Not
around the world with the aim of reducing
European Union (EU) Data Protection Directive
for deletion of data. The
only does a business
the risk of exposing confidential data,
are expected to be released in June of 2013.
new
these new requirements
including rules related to health care, finance
The directive includes requirements for the
designed to provide a clear
and credit information. Existing regulations
deletion of online data and use of auditable
statement of basic privacy
that specifically require deletion of data
procedures for companies processing personal
principles that apply to
euros or 0.5 % to 2 % of
include the Health Insurance Portability
data, as well as encouragement for the use
the commercial world, and
global annual turnover.
and Accountability Act (HIPAA), The Fair and
of certified tools and processes. Sanctions
a sustained commitment
Accurate Credit Transactions Act of 2003
for violations of these new requirements are
of
(FACTA), and the Payment Card Industry Data
predicted to range from 250,000 euros to 1
to address consumer privacy issues as
Agency (ENISA) recognizes that improper
Security Standard (PCI DSS), as well as the UK
million euros or 0.5 % to 2 % of global annual
they arise from advances in technologies
decommissions of smartphones without a full
Data Protection Act 1998. Also, comprehensive
turnover.
and business models.
data wipe poses one of the highest risks to
framework
all
originated
was
are predicted to range from 250,000 euros to 1 million
or organization risk its corporate it
also
industry
incur specific
regulatory fines. The
information safety3. ®
are under review in Europe with EU legislation
In February 2012, the Obama Administration
Also
on data protection reform and in the US with
in the US introduced the Consumer Privacy
repercussions of a data breach from a tablet
the Consumer Privacy Bill of Rights.
Bill of Rights, which provides strong privacy
or smartphone are just as severe as if it
to
can
reputation,
Information
stakeholders
important
a
European Network and
regulations with data removal requirements it’s
from
note
that
the
1 IDC, “IDC Benchmark Study Examines Enterprise Mobile Device Policies,” 04 June 2012, http://www.idc.com/getdoc.jsp?containerId=prUS23519412 2 TechCrunch.com, “Gartner: 1.2 Billion Smartphones, Tablets To Be Bought Worldwide In 2013; 821 Million This Year: 70% Of Total Device Sales,” 6 November 2012, http://techcrunch.com/2012/11/06/gartner-1-2-billion-smartphonestablets-tobe-bought-worldwide-in-2013-821-million-this-year-70-of-total-device-sales/ 3 ENISA, http://www.enisa.europa.eu/act/application-security/smartphone-security-1/top-ten-risks/top-ten-smartphone-risks?searchterm=Top+Ten+Smartphone+
Security
3
Blancco Expands Globally
Award news
Blancco opened its first office in Southeast
erasure solutions and practices throughout
Blancco received a 2012 Internatio-
Blancco has won many other awards
Asia in Kuala Lumpur, Malysia in January.
the country.” Awareness in Asia is rising
nalization Award from President Sauli
recently as it was named the 2012
Awareness in Asia has been rising about
about the importance of data protection.
Niinistö of the Republic of Finland in
Company of the Year in a competition
January. Now in their 45th year, the awards
organized
Blancco also established an office in
recognize
biggest
“There is an increasing demand for secure
Russia in 2012 as the company continues
growth in Finnish companies.
data erasure in Southeast Asia as awareness
to
grows and legislative initiatives continue
becoming a key component of data
Blancco’s CEO and founder, Kim Väisänen,
to focus a spotlight on the use of personal
protection practices, and the company is
won the 2012 Ernst and Young Entrepreneur
The company was also acknowledged in
information
purposes,”
responding by making solutions available
of
three other 2012 Finnish industry awards:
said Alan Puah, Managing Director for
to a broadening user base worldwide.
and
the
the Strongest in Finland certificate from
Blancco SEA. “The Malaysian Personal Data
Blancco has been growing approximately
Ernst & Young’s World Entrepreneur of
Suomen Asiakastieto, Soliditet’s highest AAA
Protection Act was passed in 2010 and is
25% per year during the past five years
the Year award finals in Monte Carlo
credit rating for the ninth year in a row, and the
scheduled to be effective January 1, 2013,
including 2012. ®
in June 2013.
Kauppalehti Achiever certificate. ®
the importance of data protection.
for
commercial
expand.
Effective
data
erasure
outstanding
international
Pohjola
by
Kauppalehti,
trade
magazine,
Group,
Finland’s and
Finland’s
OP-
leading
financial services group.
is
the
Year
will
competition
represent
in
Finland
Finland in
further heightening the need for proper data
Who is blancco?
Why erase data?
Blancco is the global leader in data erasure and computer reuse solutions. Each day, tens
IT assets pose a significant risk to organizations because of the large volumes of
of thousands of IT assets on every continent are sanitized, analyzed and tested using
confidential information stored on them. Data must be completely destroyed before IT
Blancco solutions.
assets are disposed of, recycled, reused or donated.
High speed, efficient erasure of
Centrally erase logical drives like
multiple hard drives ensures PCs
LUNs and virtual machines in an
and laptops can be safely disposed
active storage environment.
Blancco’s unique ERA process Erase
of, reused or resold. A
total
erasure
Blancco solution
for
complicated server and storage
and folders from desktops and laptops while they are active.
only
permanently
Hardware and software solutions for
erases all data, including hidden and
mass erasure of any type of loose
remapped sectors…
hard drive (eg ATA, SCSI and FC).
Report
environments. Permanently erase selected files
not
Blancco
For more information or to download our whitepapers, please visit
also
generates
detailed
reports providing critical evidence of every erasure.
Erase flash media storage devices
Audit
stored within smartphones, tablets,
These reports ensure the existence of
network routers, and cameras etc.
a comprehensive audit trail – a critical requirement
The latest solution for mass erasure of smartphones and tablets.
for
compliance
and
regulatory and legal auditing needs.
www.blancco.com
Blancco is approved by:
NATO TUV
NSM
Copyright © 2012 Blancco Oy Ltd. All Rights Reserved. The information contained in this document represents the current view of Blancco Oy Ltd on the issues discussed as of the date of publication. Because of changing market conditions, Blancco cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. Blancco makes no warranties, express or implied, in this document. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Blancco.
news@blancco.com www.blancco.com