New research launched by Blancco Technology Group, the industry standard in data erasure and mobile device diagnostics, has outlined the staggering cost to global organisations due to old, outdated IT equipment cluttering up data centres.
A survey of 600 data centre experts from APAC, Europe and North America revealed that two in five organisations that store their data in-house spend more than $100,000 storing useless IT hardware that could pose a security or compliance risk.
Astonishingly, more than half of these companies (54%) have been cited at least once or twice by regulators or governing bodies for noncompliance with international data protection laws.
Fines of up to $1.5 million could be issued for HIPAA violations due to storing data past its retention date, with that number multiplied by the number of years each violation has been allowed to persist.
Blancco’s exclusive study, ‘The high cost of cluttered data centres’, produced in partnership with Coleman Parks, reflects the extent in which global organisations are paralysed by fear of reputational damage.
This is primarily the risk of sensitive data that is stored on old IT hardware of being breached or misused. Put simply, organisations are opting to spend vast sums of money storing these devices, contrary in many cases, to data protection laws and regulations, rather than entrusting them to data erasure experts for wiping before reuse.
“Global organisations are unnecessarily wasting vast sums of money from noncompliance and onsite storage fees – charges that could be easily mitigated,” said Fredrik Forslund, vice president, Enterprise and Cloud Erasure Solutions at Blancco.
“This points to a huge lack of education within the sector about what to do with hardware that is faulty or has reached end-of-life. Organisations are letting this hardware pile up in fear of data leakage, resulting in loss of efficiency, increasing capital costs, possible noncompliance and potential security risks.”
The global data centre industry remains gripped by a lack of time and resources to complete comprehensive data privacy processes.
This remains one of the key reasons why organisations, particularly those that own their own data centres and store all data onsite, are keeping IT assets past their useful lives.
Where they’re going wrong
The study also found that many individuals failed a simple data sanitisation test, despite their job titles suggesting that they should know more. Over half of the respondents, (57%), agreed that a quick or full reformat of a drive would permanently erase all data.
Many organisations also stated they are using multiple methods to sanitise their data. What’s worrying is that 62% of organisations surveyed are using free online tools with no verification or certification to erase data securely.
Amazingly, most organisations surveyed (80%) admitted that at least a quarter of end-of-life drives sit uselessly idle in their data centres.
Three quarters of organisations (75%) confessed that 25% of all RMA drives stored onsite were only there because they aren’t willing to follow required processes to return them to the manufacturer.
When asked about their major pain points in not returning RMA drives or servers to the manufacturer when their lease is up, 73% of UK respondents stated manual/time-consuming processes and 49% noted external security/privacy concerns, the highest percentage points from all the countries surveyed.
And while some countries had their own priorities, the UK was most worried about GDPR (43%), followed closely by increasing automation across the data centre (41%).
“It’s not surprising that more than half of all respondents rated the RMA return process as ‘quite’ or ‘extremely’ difficult. Current processes being followed are archaic, inefficient and desperately in need of automation,” Forslund said.
In some cases, organsations feel compelled to waste more resource wiping each drive individually.”
“Organisations are sitting on IT assets that are having an extremely damaging impact on their business – even if most organisations consider themselves to be mitigating risk by holding on to them.”
For full analysis, you can read the full ‘The high cost of cluttered data centres’ report here.