DATA DESTRUCTION
CONTINUED
encryption keys), increasingly common as an efficient, secure deletion method.” Alyssa Blackburn, program manager, information management at AvePoint, adds that information lifecycle practices and processes must be built into systems from the outset. “But this means we need to understand the data we’re capturing and how long it needs to be retained for,” she says. “This is not just a deletion issue, but a data governance issue that needs to be considered for any system that holds information. “This is not an issue that can be tackled manually, and automation truly is the only option. Use lifecycle management solutions to track, manage and securely destroy data. It’s also crucial to implement regulate audits and secure protocols to ensure data disposal aligns with legal and security requirements in the cloud.” Gavin adds that responsibility needs to be considered. “Most cloud providers believe they have a robust policy for data security, but that’s their responsibility for the service provision. For the data owner, storing data in the cloud, the liability will never move from them. It doesn’t matter who leaks the data, whether it’s your infrastructure or a third party, the data owner is always going to be held accountable. “We should include a cradle-to-grave and any afterlife considerations of IT equipment and know exactly what is happening in any end-of-life process. The data owner must take responsibility for EOL practices seriously. Don't assume it is part of the cloud provider's processes and acceptable standards. If you don’t know
it or understand it; question it and even add to this with your acceptable policy requirements or suggested guidance you want to see implemented.” Best ways to dispose of data There are various ways that data can be disposed of once it has reached the end of its useful purpose. Gavin says that different devices and formats require different disposal techniques to achieve absolute data destruction. “If we take our tape world as our known example, companies tend to think shredding is the best way to dispose of tape, but with growing capacities, we leave about 12GB of information on a 10cm strand of film,” he says. “That’s why we believe it is important to seek out industry specialists who deeply understand the specific data-carrying media a company uses and the risks they may be exposed to.” John notes that businesses should choose what is appropriate for the level of risk, so partners should ensure they understand the recovery risks so they can make an informed decision that protects the organisation from exposure and supports its ESG goals. Ross adds that in cases where data is encrypted, it’s important to decrypt and then securely erase it. “Simply deleting encrypted files isn't sufficient – due to residual metadata, indexing and cached information potentially leaving recoverable fragments,” he says. “In cloud environments, cloud providers typically implement secure data erasure protocols that follow established standards like DoD 5220.22-M or NIST 800-88, ensuring data is permanently removed from their systems. Additionally, organisations can work with specialised third-party data destruction services, which offer secure disposal processes and provide official certificates of destruction to verify compliance with legal and regulatory requirements.”
“
Companies tend to think shredding is
the best way to dispose of tape, but with growing capacities, we leave about 12GB of information on a 10cm strand of film.
”
Gavin Griffiths managing director
John Woolley chief commercial officer
insurgo.co.uk
CONTINUED
www.newsinthechannel.co.uk
25
Powered by FlippingBook