Cluttered Data Centers Drive Compliance Risk
January 29, 2019
New research outlines the staggering cost to global organizations of old,
outdated IT equipment cluttering up data centers. A survey
of 600 data center experts from APAC, Europe and North
America reveals that two in five organizations that store
their data in-house spend more than $100,000 storing useless
IT hardware that could pose a security or compliance risk.
Astonishingly, more than half of these companies (54
percent) have been cited at least once or twice by
regulators or governing bodies for noncompliance with
international data protection laws. Fines of up to $1.5
million could be issued for HIPAA violations due to storing
data past its retention date, with that number multiplied by
the number of years each violation has been allowed to
Blancco’s exclusive study, The High Cost of Cluttered Data
Centers, produced in partnership with Coleman Parks,
reflects the extent in which global organizations are
paralyzed by fear of reputational damage. This is primarily
the risk of sensitive data that is stored on old IT hardware
of being breached or misused. Put simply, organizations are
opting to spend vast sums of money storing these devices,
contrary in many cases, to data protection laws and
regulations, rather than entrusting them to data erasure
experts for wiping before reuse.
“Global organizations are unnecessarily wasting vast sums of
money from noncompliance and onsite storage fees – charges
that could be easily mitigated,” said Fredrik Forslund, Vice
President, Enterprise and Cloud Erasure Solutions at Blancco.
“This points to a huge lack of education within the sector
about what to do with hardware that is faulty or has reached
end-of-life. Organizations are letting this hardware pile up
in fear of data leakage, resulting in loss of efficiency,
increasing capital costs, possible noncompliance and
potential security risks.”
The global data center industry remains gripped by a lack of
time and resources to complete comprehensive data privacy
processes. This remains one of the key reasons why
organizations, particularly those that own their own data
centers and store all data onsite, are keeping IT assets
past their useful lives.
global findings include:
surveyed stored a large portion of their data onsite, with 48
percent storing 31 to 60 percent of their data onsite, 42
percent storing 10 to 30 percent of their data onsite and 10
percent of organizations storing over 60 percent of their data
failed a simple data sanitization test, despite their job titles
suggesting that they should know more. Over half of the
respondents, 57 percent, agreed that a quick or full reformat of
a drive would permanently erase all data.
also stated they are using multiple methods to sanitize their
data. What’s worrying is that 62 percent of organizations
surveyed are using free online tools with no verification or
certification to erase data securely.
Amazingly, most of
organizations surveyed (80 percent) admitted that at least a
quarter of end-of-life drives sit uselessly idle in their data
centers. Three quarters of organizations (75 percent) confessed
that 25 percent of all RMA drives stored onsite were only there
because they aren’t willing to follow required processes to
return them to the manufacturer.
Key North America
In the United
States, 41 percent of respondents shared that more than half of
their organizations drives stored onsite are “past-due” because
they are unable or unwilling to return them to the manufacturer.
This figure jumps to 79 percent in United States and 76 percent
in Canada, with respondents reporting at least a quarter of old
drives are still onsite.
52 percent of U.S.
respondents, and slightly more in Canada at 57 percent, reported
that their organizations have been cited one or more times by a
regulatory/governing body for failure to comply with state,
federal or international data protection laws such as GDPR in
the last 24 months.
75 percent of U.S.
respondents – and 70 percent of Canadians surveyed – said that
ineffective methods were their main concern when it comes to
dealing with “manual/time consuming processes.” 71 percent of
U.S. respondents – 65 percent in Canada – said that the most
effective way for them to improve their current RMA return
process would be to add the ability to erase full racks of
servers or multiple drives simultaneously.
Key UK findings
74 percent of U.K.
organizations admitted that at least 26 percent of all RMA
drives stored onsite were only there because they aren’t
unwilling to return them to the manufacturer. A quarter also
confessed more than half (51 percent) of their RMA drives sit
uselessly idle in their data centers for the same reason.
When asked about
their major pain points in not returning RMA drives or servers
to the manufacturer when their lease is up, 73 percent of U.K.
respondents stated manual/time-consuming processes and 49
percent noted external security/privacy concerns, the highest
percentage points from all the countries surveyed.
While some countries
had their own priorities, the U.K. was most worried about GDPR
(43 percent), followed closely by increasing automation across
the data center (41 percent).