Data center operators are usually focused on “uptime,” a measurement used to determine the stability and availability of facilities. These performance measurements can include the levels of power redundancy, IT asset maintenance schedules, and the overall design of the data center. These factors make “uptime” a measurement of the original design or current state of a facility, but often overlooks key parts of the data center lifecycle. In particular: during data center hardware refreshes or decommissioning. These phases of the cycle are especially significant because they can have the greatest impact on information security.
During an IT refresh or decommissioning project, data center equipment is often either upgraded or removed. This involves IT hardware that contains some of the company’s most valuable assets: data. To address this, InfoSec directors often determine the policy of what to do with that data, but leave the actual processes, tools, and implementation to data center managers. These policies create a great responsibility for those data center managers to efficiently decommission IT assets while also making sure data is secure. And while uptime is an effective measurement of efficiency, there can be a blind spot in the data center when it comes to data decommission and physical information security.
The physical security blind spot in data centers exists because there are very few measurements of InfoSec success or failure. The most visible sign is a data breach, which can significantly affect a company’s reputation, customer trust, and ultimately their bottom line. With this in mind, for companies without a data center information-asset management strategy, data liability can be a ticking time bomb toward a physical data breach in the data center.
Fortunately, there are two very visible signs that indicate the rising risk of a data breach:
- Hard drives piling up in your data center.
Problem: The number of hard drives in a modern server can vary significantly between manufacturers and models. One asset can have anywhere from 2-4 to 8-24 hard drives. On average, these drives have three distinct failure rates. In the first 18 months, 5.1% of hard drives will fail. From there, the rate drops to 1.4% until the drive is three years old. After a hard drive’s third birthday however, the rate jumps to an 11.8% failure rate.
“If you buy a hard drive today, there’s a 90% chance that it willsurvive for three years. If your drive makes it to the three-year point … there’s a 12% chance per year that your drive will die.”
– Extreme Tech
Solution: Hard drive failure rates have two implications. First, data centers should consider replacing drives every three years to mitigate any risk of data loss. Second, drives that do fail should be considered a liability because the data can still be present on the disk. In both cases, decommissioned drives should be tested for erasure certification, and those failed drives should be disposed of securely to manage any data liability.
- Your data center refresh is behind schedule.
Problem: Data center complexity has grown significantly year-over-year, as the result of new technologies, growth of business-critical applications, and the increasing use of server virtualization. Strict InfoSec policies and inadequate drive detection or erasure tools often stall the asset refresh process. Data center managers can find themselves understaffed and without adequate processes to handle the refresh events, thereby increasing the liability for data security on aging data center hardware.Solution: Getting ahead of a refresh with a comprehensive data center hardware decommissioning solution is the best way to diffuse this risk. Such a strategy is measured by how well you destroy data, considered in tandem with uptime and return on investment.
Diffusing the ticking time bomb of data liability can sound daunting, but recognizing the signs is an important start. Liability from the risk of a data breach can be mitigated at refresh and decommissioning, with the right strategy and these considerations in mind.
For more on how to prevent a physical data breach at your data center click here. Or, if you will be attending Gartner IT Infrastructure, Operations Management & Data Center Conference 2017 in Las Vegas, please visit ITRenew in Booth #608. Get more information on #GartnerIO here.