See the drives in the picture? They just sit there. Over time they get old, and with use they eventually reach end of life – or perhaps it’s eventually time to return them as part of a lease.
Either way, it’s time to sanitize them – a term that means either erasing or physically destroying them. In a corporate environment, we have a process we need to follow, something like this:
I have one or more drives → I need to sanitize them → I get some disk erasure tool and erase them → if that doesn’t work, I physically destroy them → I get follow-up documentation to provide I’ve sanitized them (certification, audit documentation, etc.)
Simple enough, right? For onesies or twosies or even a box of old drives, this process is all a company needs.
But what if you have an entire data center full of drives? At that point, it doesn't matter how big a box of old drives you can sanitize, the process above will fall short.
How Data Center Thinking Changes the Data Sanitization Game
Today’s data centers may have many thousands of drives – but simple volume isn’t the primary challenge for data sanitization. The real challenge is dealing with change.
Every data center is subject to tech refreshes, and for the larger facilities in particular, such refreshes happen on a continual, rolling basis.
Just like painting the Golden Gate Bridge, once you go from one end to the other, it’s time to start over. A three-year tech refresh policy might require the recycling of up to 3% of its servers – and hence, its drives – every month.
If there are tens of thousands of drives, then this number adds up to hundreds of drives per month – and that’s not counting failed drives.
Remember, even in the case of drive failure, it’s important to follow data sanitization policies. In many cases, such policies only require software-only erasure. Only a fraction of failed drives will require physical destruction.
Why Traditional Data Erasure Products Fall Short
To handle this ongoing change within the data center, the data erasure process looks more like this:
I have a data center with rolling refresh policies → I need to implement a comprehensive erasure (and occasional destruction) policy → personnel must erase or destroy drives on a regular basis → I require ongoing documentation.
Traditional data erasure products expect the first process above, not the second one. They all assume the user starts with some fixed number of drives they must erase and then steps them through the erasure process for each one (or sometimes several at once).
If the task at hand is to erase drives of different types, then the operator must configure the erasure tool accordingly. Given that there are likely to be only a small number of different types of drives, this manual configuration isn’t a big deal.
In the data center context, however, there is no single drive – or single box of drives. Rather, data sanitization is an ongoing, often daily or weekly process.
Furthermore, given tech refreshes drive such steady data sanitization requirements, the need to erase a mix of different types of drives is an everyday occurrence.
It’s essential, therefore, for data erasure software to adjust automatically to the type of drive in question without the need for user input for each drive. In other words, the data erasure software must adapt to the type of drive automatically.
For all these reasons, data erasure in data centers is an operational process problem, as I explained in an earlier article. In this article I also explained how VerityES rises to this operational challenge, scaling data erasure processes to meet the needs of data centers.
The VerityES Difference
VerityES treats data erasure as an operational process problem, rather than a tool-based problem as other data erasure products do.
VerityES can process hundreds of devices at a time in compliance with country-specific data erasure regulations and standards. The software adapts automatically to different types of devices and storage media, including hard disk drives of all sizes, solid-state drives, and nonvolatile memory host controller interface SSDs.
An important benefit of Verity ES’s operational process focus is its ability to maximize residual asset value returns by combining its data analytics module with high-performance data erasure technology. VerityES also provides support to its customers, including assistance in building the most efficient data eradication processes.
The Intellyx Take
The phrases ‘data sanitization’ and ‘data erasure’ are easy to confuse, but there are important distinctions.
One approach to data sanitization, of course, is physical destruction. Some data center operators run heavy-duty shredders to chop up failed and end-of-life drives into tiny, unreadable bits.
Data erasure, in contrast, means leveraging software to wipe the drives of all data, leaving the hardware ready for resale or lease return.
Physical destruction may be the quickest approach to sanitization and may sound more thorough, but it relies upon effective sanitization processes. A poor process might allow some drives to slip through the cracks and find their way into the hands of bad actors.
Physical destruction is also likely to be the most expensive in terms of TCO – in part because of the loss of any residual value, but also due to the significant disposal costs of the shredded drives (given they typically contain hazardous materials).
For these reasons, it is important for data centers to implement operational data sanitization processes that favor erasure, while physical destruction is a last resort – as a matter of process.
VerityES takes this operational process approach, thus optimizing TCO for its customers better than any data sanitization alternative that tackles erasure on a drive-by-drive basis.
Jason Bloomberg, Managing Partner, Intellyx