Even though they could be reused, millions of storage devices are destroyed annually. You don't need a degree in engineering to understand that's bad, claims Jonmichael Hands.
He serves as the Circular Drive Initiative's (CDI) secretary and treasurer, a group of technology companies that promotes the safe redistribution of storage hardware. He is employed by the blockchain technology company Chia Network as well.
Chia Network could easily recycle storage units that significant data centers have decided they no longer require. The business contacted companies that dispose of outdated technology for companies that no longer require it in 2021. "Sorry, we have to shred old drives," was the response that was given. ".
When telling the story, Mr. Hands asks, "What do you mean, you destroy them? "They said the customers wouldn't let them do that, just erase the data, and then sell them. Five million drives were being destroyed for one customer, according to one ITAD provider. ".
The typical warranty period for storage devices is five years, after which time they are retired by large data centers. The CDI estimates that 90% of hard drives are destroyed when they are removed, but drives that contain less sensitive data are spared.
Because, according to Mr. Hands, "the cloud service providers we spoke to said security, but what they really meant was risk management.". They follow a zero-risk philosophy. It can't happen once every million drives, once every 10 million drives, or once every 100 million drives. Zero is required. ".
Ironically, it's now fairly dangerous to shred devices. The most recent drives have 500,000 data tracks per square inch. A skilled data recovery specialist could read the data from a piece as small as 3mm, according to Mr. Hands.
The Standard for Sanitizing Storage was approved by the IEEE Standards Association last year. It describes three techniques for sanitizing, or removing data from devices.
The "clear" method is the least secure. Despite being completely deleted, the data could still be recovered with specialized tools. If you want to repurpose the drive inside of your business, it is adequate.
The most extreme technique is to melt or burn the drives to death. Data, the drive, and its components cannot ever be recovered.
A safe choice for reuse lies in the middle of the two: purging. Data recovery after a drive has been purged is not feasible with modern tools and methods.
A drive can be cleaned up in a number of ways. Hard drives, for instance, can be filled with fresh patterns of data that can then be checked to ensure the original data has vanished. It might take a day or two given current storage capacities.
In contrast, a cryptographic erase only needs a few seconds. Inbuilt encryption is a common feature of modern drives, making it impossible to read the data on them without the encryption key. The data is all scrambled if that key is lost. It's still there, but it's unreadable. It's okay to sell the hard drive.
As a founding member of the CDI, Seagate is a preeminent supplier of data storage solutions. Drives could be put back into use if, in the words of Amy Zuckerman, director of sustainability and transformation at Seagate, "all of our customers can universally trust that we have secure erase.". On a very small scale, that is indeed happening. ".
Seagate avoided producing more than 540 tonnes of electronic waste (e-waste) in its 2022 fiscal year by refurbishing and reselling 1.16 million hard drives and solid-state drives (SSDs). Drives that were returned under warranty as well as drives that were purchased back from customers are included.
Three tonnes of e-waste were recovered by a pilot take-back program in Taiwan. Scaling up the program is the current challenge, according to Ms. Zuckerman.
Tested, recertified, and sold with a five- or seven-year warranty, refurbished drives are in excellent condition. According to her, "we are seeing small data centers and cryptocurrency mining operations pick them up.". Our successes have been more modest, and I imagine that is also true for other people working on this issue. ".
The number of times each drive can be repaired and used again is not anticipated. We are only currently focusing on that double use, according to Ms. Zuckerman.
Such plans have a lot of potential. The warranties on a significant portion of the 375 million hard drives that were sold by all companies in 2018 are now expiring.
Seagate looks first at parts extraction and then materials recycling for drives that can't be reused. In the Taiwan pilot program, magnets and aluminum made up 57% of the recycled material. According to Ms. Zuckerman, innovation is required across the board if we are to recover more of the 61 chemical components used in the drives.
Other devices, such as routers, can benefit from the sanitizing and reuse of hardware principle. According to Tony Anscombe, chief security evangelist at IT security company ESET, "Just because a company has a policy of replacing something over three years, doesn't mean it's defunct for the entire world.".
'A large internet service provider (ISP) may be decommissioning some enterprise-grade routers that a smaller ISP would swoon over,' according to the report. ".
Business technology has become more sophisticated.
However, it's crucial to have a decommissioning procedure that secures the devices. The kind of core routers used in business networks were purchased by ESET used. Out of 18 routers, only five had been properly wiped. The remaining files contained data that could be useful to hackers, such as network, application, or customer information. Each had enough information to pinpoint the original owners.
One of the routers had apparently been sold on without the data after being given to an organization that disposed of electronic waste. The original owner was contacted by ESET. They were stunned, claims Mr. Anscombe. Even if they hire a sanitization and e-waste company, businesses should try to sanitize devices themselves as much as possible. ".
While devices are still receiving support, Mr. Anscombe advises businesses to test the device sanitization procedure. The manufacturer can assist if anything is unclear at that point. In case the manufacturer takes it down from their website, he also advises saving all process-related documentation.
According to Mr. Anscombe, businesses should create and store a backup of the device before sanitizing it. If any information does get out, it's simpler to understand than what was lost.
Finally, organizations ought to make it simple for people to report security breaches. According to Mr. Anscombe, it was challenging to inform companies of the information discovered on their outdated routers.
Give it to a security researcher and see what they can find, advises Mr. Anscombe, to help businesses verify that data has been removed from a device. Many cyber-security teams will have a member who is knowledgeable about how to remove the device's lid and check to see if it has been thoroughly sanitized. ".
Companies can confidently send devices for reuse or recycling if they know how to properly clean the data from them. The era of the "take-make-waste" linear economy must end, according to Ms. Zuckerman of Seagate.
