A survey of 600 data center experts from APAC, Europe and North America reveals that two in five organizations that store their data in-house spend more than $100,000 storing useless IT hardware that could pose a security or compliance risk.
Astonishingly, 54 percent of these companies have been cited at least once or twice by regulators or governing bodies for noncompliance with international data protection laws. Fines of up to $1.5 million could be issued for HIPAA violations due to storing data past its retention date, with that number multiplied by the number of years each violation has been allowed to persist.
Blancco’s study, The High Cost of Cluttered Data Centers, produced in partnership with Coleman Parks, reflects the extent to which global organizations are paralyzed by fear of reputational damage. This is primarily the risk that sensitive data stored on old IT hardware will be breached or misused. Put simply, organizations are opting to spend vast sums of money storing these devices, contrary, in many cases, to data protection laws and regulations, rather than entrusting them to data erasure experts for wiping before reuse.
“Global organizations are unnecessarily wasting vast sums of money from noncompliance and onsite storage fees – charges that could be easily mitigated,” said Fredrik Forslund, Vice President, Enterprise and Cloud Erasure Solutions at Blancco. “This points to a huge lack of education within the sector about what to do with hardware that is faulty or has reached end-of-life. Organizations are letting this hardware pile up in fear of data leakage, resulting in loss of efficiency, increasing capital costs, possible noncompliance and potential security risks.”
The global data center industry remains gripped by a lack of time and resources to complete comprehensive data privacy processes. This remains one of the key reasons why organizations, particularly those that own their own data centers and store all data onsite, are keeping IT assets past their useful lives.
Key global findings
- All organizations surveyed stored a large portion of their data onsite, with 48 percent storing 31 to 60 percent of their data onsite, 42 percent storing 10 to 30 percent of their data onsite and 10 percent of organizations storing over 60 percent of their data onsite.
- Many individuals failed a simple data sanitization test, despite their job titles suggesting that they should know more. Over half of the respondents, 57 percent, agreed that a quick or full reformat of a drive would permanently erase all data.
- Many organizations also stated they are using multiple methods to sanitize their data. What’s worrying is that 62 percent of organizations surveyed are using free online tools with no verification or certification to erase data securely.
- Most of the organizations surveyed (80 percent) admitted that at least a quarter of end-of-life drives sit uselessly idle in their data centers. Three quarters of organizations (75 percent) confessed that 25 percent of all RMA drives stored onsite were only there because they aren’t willing to follow required processes to return them to the manufacturer.
Key North America findings
- In the United States, 41 percent of respondents shared that more than half of their organization’s drives stored onsite are “past-due” because they are unable or unwilling to return them to the manufacturer. This figure jumps to 79 percent in the United States and 76 percent in Canada, with respondents reporting that at least a quarter of old drives are still onsite.
- 52 percent of U.S. respondents, and slightly more in Canada at 57 percent, reported that their organizations have been cited one or more times by a regulatory/governing body for failure to comply with state, federal or international data protection laws such as GDPR in the last 24 months.
- 75 percent of U.S. respondents – and 70 percent of Canadians surveyed – said that ineffective methods were their main concern when it comes to dealing with “manual/time consuming processes.” 71 percent of U.S. respondents – 65 percent in Canada – said that the most effective way for them to improve their current RMA return process would be to add the ability to erase full racks of servers or multiple drives simultaneously.
Key UK findings
- 74 percent of U.K. organizations admitted that at least 26 percent of all RMA drives stored onsite were only there because they aren’t willing to return them to the manufacturer. A quarter also confessed that more than half (51 percent) of their RMA drives sit uselessly idle in their data centers for the same reason.
- When asked about their major pain points in not returning RMA drives or servers to the manufacturer when their lease is up, 73 percent of U.K. respondents stated manual/time-consuming processes and 49 percent noted external security/privacy concerns, the highest percentage points from all the countries surveyed.
- While some countries had their own priorities, the U.K. was most worried about GDPR (43 percent), followed closely by increasing automation across the data center (41 percent).
“It’s not surprising that more than half of all respondents rated the RMA return process as ‘quite’ or ‘extremely’ difficult. Current processes being followed are archaic, inefficient and desperately in need of automation. In some cases, organizations feel compelled to waste more resource wiping each drive individually,” Forslund said. “Organizations are sitting on IT assets that are having an extremely damaging impact on their business – even if most organizations consider themselves to be mitigating risk by holding on to them.”