Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

The physical side of data security.

Greenworld Electronics : 28 January, 2008  (Technical Article)
Greenworld Electronics provides an insight into data loss prevention through effective, thorough and ecologically acceptable methods of used IT equipment disposal.
David Aitken, Managing Director of Greenworld Electronics focuses on how effective data security protocols need to be viewed as a commercial imperative for businesses of all sizes and examines the need for on-site data destruction services if companies are to protect themselves - and their customers from the possibility of a data disaster.

"Organisations that do not regard data management and IT equipment disposal as a top level issue, will face numerous commercial threats and run the risk of severe financial penalties following recent legislation

"The HMRC fiasco and the stream of data catastrophe revelations reported in the national media show how data management can no longer be viewed as a junior level responsibility. Management needs to wise up on its responsibilities and employ on-site data destruction and responsible end-of-life disposal of IT and electronic equipment.

"Although the names that have been hitting the headlines in recent reports have been mainly public sector organisations, the issue of data security is relevant to all industry sectors and should be a key concern for companies of all sizes.

''Whereas companies have invested in high performance IT, all-too-often organisations wrongly assume that they can take shortcuts in data security to save money or time, or have done so as a result of widespread ignorance of their responsibilities. As a result, the security protocols of many organisations are simply inadequate.

''Commonsense should dictate that it's important to destroy data before disposing of IT equipment, yet the media regularly exposes cases of computers that have been discarded, with employees' and customers' personal details easily accessible. Old business computers are frequently on sale at auctions or on the internet and clearly, this careless approach to data management represents a potential commercial minefield.

''Basic forms of data destruction are inadequate - especially in view of the likely consequences of choosing one that's unfit for purpose.

''For peace of mind, data destruction must be completed on site, to strict government destruction standards, as part of a rigid data management lifecycle strategy, not just an ad hoc corporate spring clean or as a last-minute bolt-on to an office move. It should be part of an efficient and ethical disposal audit trail.
''Specialist methods of data destruction, carried out on-site, leave no margin for error or data leakage, whereas off site data destruction can expose an organisation to the considerable risks of data lost in transit.

Once data is moved around, it is a potential risk. The level of security has to fit the value of the data being transited. The following guidelines can help to guard against the dangers of data disaters:.

* Don't move data from one location to another if it means the data has to leave the organisation's premises.
* On-site destruction of data is imperative before transiting, if the item is end of life, as the risk of loss in transit is too great.
* For internal transfer of data, use a proven, secure, internal IT network.
* Electronic transfer of data to an external network should be done via a proven, secure, encryption methodology.
* If it's essential to physically transfer a data asset externally, then it's important to encrypt the data and ensure appropriate security provision, such as unmarked, escorted, secure vehicles manned by security specialists.

''The actual method of data destruction is vitally important. For example, destroying data by crushing electronic equipment can still leave businesses exposed to fraud, as information could still be retrieved from the remaining fragments.

"An astounding 300 pages of potentially sensitive data can be retrieved from just one inch of hard drive. Commonly employed data removal techniques such as deleting or overwriting files, magnetising the hard drive, manually destroying the hard drive by smashing it or drilling holes in it, will not destroy all data.

"If the hard disc drive is corrupt, it will fail software based destruction techniques. In such cases there are only two formally recognised methods of data destruction: Degaussing and Disintegration. To be effective, hard drive disintegration must shred to a minimum of 13mm, whilst Degaussing must be completed using specialist Government approved equipment.

"GreenWorld provides both services on site for clients and disintegrates using its unique Secure Industrial Disk Drive Disintegrators, (SIDD). The only machine of its type and function in Europe, SIDD reduces hard drives to components no bigger than 2mm, from which it is impossible to retrieve data.

"So, it's crucial to choose an on-site data destruction specialist using government approved standards that don't expose your company to the risk of ineffective data destruction techniques.

''GreenWorld is the only complete IT asset management company in Europe to offer a comprehensive, on-site end-to-end data destruction and disposal service and offers a unique on site asset reconciliation and lifetime management tracking service (SAM). This ensures total data destruction and asset disposal integrity and includes complete on-site data destruction certification prior to equipment leaving site.

''Whatever the size or nature of a company, its IT equipment needs to be disposed of to the specified security standards. Failure to do so has serious legal as well as commercial implications, as breaching the Data Protection Act can result in unlimited fines running into millions and civil and criminal prosecution.
''Stringent WEEE legislation has been introduced recently on environmentally sound disposal for all end-of-life electronic equipment - from computers to mobile phones, blackberries and PDAs.

''It's staggering how many businesses remain unaware of the Government's new WEEE and hazardous waste legislation on the disposal of electronic equipment, which carries unlimited fines and criminal prosecution for companies accused of non-compliance.

''UK businesses must seek specialist advice and take the necessary actions to ensure their data management, security and disposal cycle is fit for purpose, or the consequences of poor disposal policies could have a devastating effect on their business."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo