ITAD for SSDs

In our data-driven world, public sector agencies and governments find themselves managing, processing, and safeguarding an enormous amount of data. It is often the case that this information is extremely sensitive (and potentially exploitable). Furthermore, with the growing focus on privacy and data protection among both citizens and lawmakers, the public sector has a responsibility to its citizens to protect personal data.  

Globally, 69% of countries have some form of privacy legislation or data protection regulations in place, such as the General Data Protection Regulation (GDPR) in the UK and EU. On top of that, there are data protection regulations and policies that pertain specifically to the public sector. What these varying pieces of legislation all have in common is the aim to ensure the secure disposal of data stored on data-bearing assets. 

 

SSDs 

A solid-state drive (SSD) is a type of non-volatile storage device. SSDs are widely used within devices such as laptops, desktops, and even multi-function printers. Most government and public sector organizations store a lot of data on SSDs. When an SSD reaches its end-of-life, whether due to a data migration project, technology refresh, or other causes for decommissioning, different organizations across a range of sectors take various approaches.  

Blancco is a technology group that has set the industry standard in data erasure and mobile lifecycle solutions. Blancco recently carried out an extensive study (available here) of public sector decision makers from a range of organizations across North America, Europe, and Asia Pacific. The aim of the survey was to understand how public sector organizations are handling end-of-life SSDs and their level of awareness when it comes to regulatory issues surrounding data deletion.   

 

Study Findings 

An interesting finding from the study was that while 93% of respondents reportedly had plans to address the negative environmental effects caused by destroying IT hardware, less than 21% are actively implementing those plans. It’s evident that public sector organizations therefore are aware of the correlation between environmental impact and hardware disposal practices, but still need to actively turn their plans into reality.  

Another key discovery of the study was that the internal policies of public sector organizations more often than not mandate that SSDs be physically destroyed once they’ve reached their end-of-life to render classified/sensitive data permanently unrecoverable. 

The findings highlight the fact that many public sector organizations should re-evaluate the physical destruction of SSDs and other IT hardware.  

Why do governments and public sector organizations routinely destroy so many SSDs even though, according to the study, they exhibit a high awareness of the need to reconsider physical destruction? 

The study uncovered that data security is a major factor – 46% of respondents consider the physical destruction of SSDs to be more secure than other data sanitization solutions. Another interesting finding from the study is that 41% of respondents replied that they’re required by law to physically destroy SSDs that contain classified data, so they destroy all SSDs “just in case”.  

Another study finding to highlight is that 38% of respondents think that destroying SSDs is cheaper than other available methods. Overall, the 596 study respondents reportedly spend between $12.8 million and $17 million each year destroying SSD-based laptops, desktops, loose drives, and servers. Approximately another $40 million is then spent replacing the drives that they have destroyed. 

 

Destruction – at What Cost? 

It’s worth noting the facts when it comes to data security and SSDs. Chiefly, the act of destroying a drive does not guarantee that data is irretrievable. The team at Blancco points out that in the case of shredding, the larger shred sizes used for HDDs can be inadequate when it comes to destroying the more densely populated data found on an SSD. With just 46% of respondents data sanitizing their SSDs before destroying them, it calls into question the practices of these organizations.  

It’s clear that destroying drives is costly – it increases the IT operations and materials costs for already squeezed public sector organizations. It also incurs opportunity costs because cutting device life short means that there’s no option for redeployment, resale, or return. And finally, and perhaps most pertinent, is the fact that unnecessary destruction of drives adds to the growing mountain of electronic waste (known as e-waste).  

At Techbuyer, our priority is to extend the product lifecycle of IT equipment wherever possible, in order to reduce the amount of useful technology entering the planet’s waste stream. A key solution to the issues outlined in the report is IT Asset Disposition (ITAD). A sophisticated process, ITAD enables organizations to dispose of IT equipment safely and responsibly. By sanitizing drives of any remaining data, giving the equipment to secondary users, and avoiding waste, the procedure seeks to extend the lifespan of IT systems. 

Using specialist sanitization software to completely erase all residual information on data-bearing IT assets (Techbuyer uses military-grade sanitization software trusted by NASA and The US Department of Defense) addresses any concerns when it comes to data security. Full certification is also provided, which demonstrates compliance and gives you ultimate peace of mind.   

 

Balancing Security and Sustainability  

The study is effective in highlighting opportunities to revise, update, and advise SSD policy reform. These important findings could go a long way in demonstrating an understanding of public sector security requirements while presenting solutions that support both local and global sustainability targets.  

There is clearly a balance to be had between information security measures and environmental sustainability. With advanced data sanitization technology widely available, there is an opportunity to converse with public sector organizations to develop policies that reflect the landscape.  

Interested in Techbuyer’s IT Asset Disposal service? Read more about our secure service for IT asset disposal and contact us here.