Do I have control of the Information in my care?

All business and individuals exist in some manner in cyberspace. Routinely, we provide information that is then stored by 3rd party organisations most unknown to us. That information is valuable and needs to be stored and disposed of in an appropriate manner.

Business owners, directors and managers have a duty to store information safely and ensure that hardware containing sensitive information is destroyed at the end of life in an appropriate manner. In our opinion sanitising and E-recycling does not satisfy an appropriate end of life for many items of hardware.

Businesses engaged with providing services to government have very specific duties depending on the sensitivity of the information they handle. These duties are outlined in various policies but specifically here.

The failure of a mechanical hard-disks is inevitable, and software exists to ensure the integrity and availability of that data across multiple physical drives at a hosting location and mirroring of sites within and across continents. But mirroring and data integrity & availability techniques make it close on impossible to locate and or ring fence where any sensitive data may be stored.  

From a physical security perspective all hardware in the possession of a business must be considered to contain sensitive information. And by implication every disk that exists in a RAID array or any multipoint access server must be considered sensitive from a content and disposal perspective.

Many businesses elect to maintain local server function to maintain control of business data that they own. This is a double-edged sword as any insurance broker will advise. Having data in physical possession is a business continuity risk (fire, theft, hardware failure, malicious intent). These identified risks propagated the growth of cloud storage and cloud computing. Cloud space methods solved a physical access problem on one level and created a cyber security access problem as well as a physical access problem.

Remember always, “the cloud” is just someone else’s computer.

In the hacking space nothing beats physical access. Having the hardware in your possession or having local physical access for a limited or unlimited time. Thus rises the distinction of “never alone hardware”. I.E.  those pieces of hardware that must either be in the personal company of an individual or secured within an appropriate security container (something more than a car boot or trunk). We all know stories of computers and portable storage stolen from cars, left in a bar or on an aircraft.

What then should happen to specific types of hardware (laptops, SSD, hard-disks and tablets at the end of life?

This is where we can help.

Numerous businesses offer to sanitise your disks with varying degrees of success – the only way to absolutely guarantee the data is gone is via our secure disposal methods.

We can tailor a secure traceable disposal system for your hardware and IT assets that meets the requirements of both local and international standards and codes of practice.