Survey finds many organizations destroy all solid-state drives to protect sensitive data from theft and misuse.
Government organizations could save millions of dollars by recycling and reusing solid-state drives (SSDs) instead of destroying hardware to protect sensitive data. That’s the recommendation from the Blancco Technology Group’s report on data management methods. The report, “The Price of Destruction: Exploring the Financial and Environmental Costs of Public Sector Device Sanitization,” found that many organizations have recycling plans in place but are not implementing them.
The study is based on survey data from 596 government IT leaders in nine countries. The survey found that the governments and public sector organizations represented spend as much as $17 million every year on the physical destruction of solid-state drives.
The same organizations spend another $40 million to replace the devices for a total of $57 million. The costs of destroying SSDs and replacing is between $6.9 and $7.3 million for the U.S. and between $6.4 and $6.9 million for the U.K.
Blancco offers data erasure software to manage end-of-life data, reuse data storage assets and comply with data protection and privacy laws. Transparency Market Research predicts that the market for data erasure software will hit $21.4 billion by 2030 and lists Stellar Information Technology, Kroll Ontrack, Blancco, IBM Corporation and Certus Software as significant providers of this service.
The survey found that 41% of respondents said physical destruction is mandated by law for SSDs that contain classified data, so they destroy all SSDs “just in case.”
Other findings include:
- Cryptographic erasure or encryption was indicated most often by 89% of respondents.
- Physical destruction of SSDs alone was used by 60% of the respondents.
- Physical destruction of IT assets that house SSDs was used by 48%.
- Software-based erasure was used by about half the organizations (55% did this onsite while 45% chose offsite) to allow reuse of the device.
The report authors see two main problems with destroying a drive as the default approach to preserve data security:
“Unnecessary destruction increases IT operations and materials costs for fiscally constrained public sector organizations. It also fosters increased e-waste creation during a global call for more prudent environmental stewardship.”
The data shows that device destruction and replacement can cost even smaller governments millions of dollars each year as well as reducing the useful life span of a device and making redeployment, resale and return impossible.
Almost all survey respondents (93%) indicated that their organization had defined plans to reduce the environmental impact caused by destroying IT equipment, but only 21% are implementing those plans.
Alan Bentley, president of global strategy at Blancco, said in a press release that public sector organizations should consider SSD sanitization instead of destruction to improve sustainability.
“We’ve seen several public sector departments benefit from moving away from destroying data bearing assets to reusing them or building up the circular economy,” he said. “Our study highlights that there are significant opportunities for policy reform surrounding SSD data protection as national policymakers seek to steward financial, environmental and data resources entrusted to their care.”
The survey also found that 22% are unaware of alternative methods of sanitization. The report authors noted these best practices for the various methods of sanitizing used drives:
- Encryption: Keys must be securely stored and managed and users must be diligent in how and when they execute encryption processes.
- Physical destruction: No data storage areas can be left intact and destruction methods must be appropriate for the particular asset.
- Data erasure: Using accepted industry standards and verification of erasure are critical.