DATA DESTRUCTION
The amount of data produced by businesses has grown quickly thanks to analytics technology in recent years, and this will only grow as AI become more widely adopted. But when this data is no longer required, businesses need to ensure it is properly destroyed. “If data isn’t governed correctly, it quickly goes from being an asset to a liability,” says Justin Sharrocks, general manager EMEA at Trusted Tech. “A major challenge in the cloud is what we call ‘dark data’, which is unstructured information that organisations hold on to but rarely use. In lots of cases, dark data can account for up to 80% of corporate data, creating a large, unmanaged attack surface ideal for cybercriminals to take advantage of. “We’re also seeing new risks emerge with the rise of easily accessible AI platforms. Employees are increasingly using unauthorised tools, what we’d call ‘shadow AI’, and feeding sensitive business data into external platforms. Once that data leaves your environment, you lose control over it entirely, including the ability to ensure it’s ever properly destroyed.” Mark Russell, business unit director at Exclusive Networks, notes that as data volumes increase, so does the exposure if that data is not securely disposed of. “Secure destruction is now considered a critical part of the data lifecycle, not an optional extra,” he says. Guillaume Boisvert, director of product innovation at Sherweb, adds that organisations are now creating and retaining data at unprecedented scale. “Much of it persists far longer than its business value,” he says. “That creates a growing ‘data liability’ that increases risk over time. “At the same time, regulatory pressure is shifting from breach response to lifecycle accountability. It’s no longer enough to secure data while it’s in use, organisations are expected to know what they hold, why they hold it and when it should be
defensibly destroyed. The combination of data sprawl, cyber risk and regulatory scrutiny has made end-of-life data governance a board-level issue. “In many ways, the safest data is the data you no longer keep. Effective destruction is becoming one of the most powerful risk-reduction strategies available to businesses.” Potential consequences It should be emphasised to businesses that the potential consequences of not destroying data effectively are serious. “Businesses consistently underestimate regulatory exposure, breach amplification and customer relationships,” says Justin. “Under frameworks like GDPR, organisations are required to adhere to data minimisation and storage limitation principles. Holding onto data longer than necessary can lead to fines, even if there’s no breach. If an attacker does gain access, they can only take what exists. Holding years of unused or redundant data significantly escalates what should have been an avoidable, minor incident. Finally, there’s the impact on trust. If customers discover that data they believed was deleted still exists, or worse, has been exposed or reused, the reputational damage for that business and all its partners can be severe and long-lasting.” When is destroyed not destroyed? But destroying cloud-based data is about more than just hitting ‘delete’. “In the cloud, you don’t have physical control, you can’t see or touch the infrastructure,” Justin notes. “So, the focus must shift from control to auditability. “There’s often a misconception that cloud providers handle everything. In reality, under the shared responsibility model, providers secure the infrastructure, but the customer remains responsible for the data itself. “Businesses must design systems where every deletion is policy-driven, automated
“
Under frameworks like GDPR,
organisations are required to adhere to data
minimisation and storage limitation principles. Holding onto data longer than necessary can lead to fines, even if there’s no breach. If an attacker does gain access, they can only take what exists.
”
CONTINUED
www.newsinthechannel.co.uk
45
Powered by FlippingBook