If you run a data centre, you’re likely already stretched for both budget and time. Yet incoming regulations, such as NIS & the EU GDPR, remind us how difficult it is for data centres to run efficient and agile decommissioning processes, with audit controls slowing down operations. In this article, Fredrik Forslund, VP Enterprise & Cloud Erasure, Blancco Technology Group, weighs up the options for data sanitisation at scale whenever servers reach end-of-life or are required for re-provisioning.
Data Erasure in the Enterprise Data Centre
Data erasure is an alternative to physical destruction that involves securely overwriting all sectors of the storage medium. This process sanitises all data stored on the server so it can’t be recovered, even with advanced forensics. Automation and other optimisations for large-scale data erasure can help make it as efficient as possible and reduce the impact on your internal resources.
Data erasure for servers typically involves manual, time-consuming processes. Technicians use specialised tools and equipment to access storage media in special-purpose boot environments and run erasure software. Software requirements will vary by organisation, but should include:
Effective standards for data erasure contribute to overall data hygiene by ensuring that data is destroyed when it reaches the end of its retention date, is no longer necessary or isn’t adding value to the business. This factor is essential in preventing unauthorised access, whether through a security breach or inadvertent disclosure.
3 Decommissioning Options: From Manual to Fully-Automated to Achieve Data Sanitisation
Option #1: Physical destruction in-house or using a third-party vendor
Your first option for decommissioning servers is to remove each local drive and physically destroy it, either in-house or by using a third-party vendor. While this approach can effectively destroy data, there are significant financial, environmental and security consequences to consider.
From an economic standpoint, it prevents the business from reusing or reselling those assets. Additionally, physically destroying drives instead of returning them as part of the original lease contract or under RMA-warranty, when they need replacing, can result in financial penalties. While not captured on the balance sheet, the environmental cost can also be high and contradict CSR polices. Finally, from a logistical standpoint, physical destruction tends to be carried out only when there are many drives ready to be processed. Cost and effort must therefore be expended in ensuring the devices are safely and securely stored until this point is reached.
Addressing the SSD Challenge:
NAND flash SSDs require a different sanitisation process than traditional magnetic media (HDDs). Physical destruction using degaussing of the drives does not work at all for example. New digital erase processes and professional software are needed to make sure all of the nooks and crannies are securely and permanently erased. Storage devices based on flash memory require digital erasure to be done at a deeper hardware command level, including bad blocks. Newer SSDs especially, such as those using NVMe-based access protocols, often require completely updated erasure solutions to communicate with the drives correctly.
When choosing a modern SSD digital erasure solution, look for one that performs verified and complete data erasure on the lowest level. The process of permanent erasure includes accessing hidden data, bad blocks or other areas not accessible by traditional overwriting software and utilities. It means moving beyond tools that only clean the surface, or upper-level file systems, instead of going deeper below the logical or partition level. Other things to look for in a solution include support for older PCIe AiC SSDs, such as Fusion-io drives that can be remarketed at high values. And, as mentioned above, don’t forget to include support of newer NVMe accessed SSDs.
Option #2: Manual Data Erasure
Data erasure is a software-based alternative to physical destruction that involves securely overwriting all sectors and blocks of the storage medium. Technicians use specialised tools and equipment to access storage media in special-purpose boot environments and run the erasure software.
This approach overcomes many of the negative impacts of physical destruction, ensuring the hardware maintains its residual value and can be reused, resold or recycled and won’t have a negative impact on the environment. It is particularly effective in scenarios whereby the requirement for server decommissioning is very infrequent and happens in small volumes, or the target is only loose drives that are being replaced from the operational environment. However, manual data erasure is almost impossible to scale cost-efficiently as it relies on time-consuming and resource intensive processes.
Option #3: Server-based Erasure
Server-based erasure requires the data erasure software to be hosted on a laptop for example, and physically cabled to one or more servers at a time. Full erasure typically takes several hours, however the ability to automate the activity and have it run across multiple pieces using network boot of the hardware can save days and weeks of technicians’ time. It is by far the best option when multiple servers and drives need to be decommissioned at the same time.
A good example of this is a major multinational technology company we worked with that was struggling with its decommissioning solution. While it used physical destruction to sanitise some of the hardware that left its data centre, the company needed a solution that would erase all data and software on the remaining servers left in its network. Employing server-based erasure that could work remotely using network booting it was able to erase close to 900 servers (including 5,117 6x 1TB SATA HDD drives.) The total time from setup to finish was under ten hours, owing to all erasures having been performed simultaneously and remote-controlled over the network. The process also includes getting a tamper proof erasure certificate per server, including all drive serial numbers, as a complete audit trail.
The data centre could also enter custom field information into the reporting to meet the company’s internal security requirements. The erasure process was launched to all network-connected servers at once, thereby removing the need to connect a keyboard and monitor to each server as is the case with manual data erasure.
Simple, Powerful, Scalable Server Decommissioning
Greater automation makes life easier for data centres as they meet internal Service Level Agreements to decommission servers, either at end of life or prior to re-provisioning. These new approaches to automated data erasure offer dramatic workflow efficiencies, with environmental and budgetary advantages compared to physical destruction of decommissioned drives.
Because data erasure is completed on drives without leaving the security of the server room, data centre operators reduce risk associated with transporting storage media that contains sensitive data and provide a tamper-proof audit trail that data sanitisation has occurred.
Guaranteeing that customer data has been destroyed beyond recovery safeguards your reputation and ensures compliance with today’s toughest data privacy regulations. Eliminating low-value tasks such as unscrewing and handling loose drives and or running temporary cables and booting hundreds of servers individually can make your data centre more effective.
In the face of growing resource limitations and larger amounts of data, these reduced requirements for a common day-to-day responsibility can pay good dividends.