Old equipment leaves enterprises at risk of data breaches
New research launched today by data erasure and mobile device diagnostics specialist Blancco Technology Group finds end-of-life devices are leaving businesses at risk of data breaches.
The survey of 1,850 senior leaders from the world's largest enterprises in APAC, Europe and North America finds 73 percent agree that the large volume of different devices at end-of-life leaves their company vulnerable to a data security breach, while 68 percent say they are very concerned about the risk of data breach from this equipment.
Concerns include the use of inappropriate data removal methods -- 36 percent report using data wiping methods such as formatting, overwriting using free software tools or paid software-based tools without certification, or physical destruction (both degaussing and shredding) with no audit trail. These methods are not fully secure and can leave businesses open to potential security and compliance issues. But of more concern is that four percent of these enterprises are not sanitizing data at all, leaving them wide open to attacks.
Some are also keeping large stockpiles of out-of-use equipment within the company and not dealing with them within a suitable time frame. 80 percent of enterprises admit having a stockpile of out-of-use equipment sitting in storage and 57 percent report taking longer than two weeks to erase devices, adding to the risks of potential internal data breaches and lost data. Companies also report that 18 percent of their devices are simply left somewhere within the company with no action.
In addition there's often a lack of an appropriate audit trail for end-of-life assets, including during transportation to an off site destruction facility. 17 percent of enterprises report not having an audit trail for the physical destruction process, and 31 percent admit not capturing the drive serial number. This lack of chain of custody controls means these enterprises are running the risk of data breaches and non-compliance.
"Global enterprises are clearly concerned about data when devices reach end-of-life; however, despite knowing the risks involved, many still choose to use an inadequate approach to protect their organization," says Fredrik Forslund, vice president, enterprise and cloud erasure solutions at Blancco. "This points to a huge and worrying knowledge gap within the sector and among senior leaders about the security and compliance implications of physical destruction and end-of-life equipment lying around."
The full report is available from the Blancco site.