New research launched today by Blancco Technology Group reveals current practices and policies for device sanitization within the public sector. For Blancco’s study, The Price of Destruction: Exploring the Financial & Environmental Costs of Public Sector Device Sanitization, researchers spoke to 596 government IT leaders across nine countries including 70 in India. The survey revealed that the Indian government and public sector organizations represented spend as much as INR 151 million (USD $2 million) annually on the physical destruction of solid-state drives (SSDs), a data storage device widely used both independently and within laptops, desktops, and servers.
Additionally, replacement costs added another INR 265 million (USD $3.5 million), bringing expenses up to INR 416 million (USD $5.5 million) for destroying public sector technology that is often still usable.
Environmental Costs
With global electronic (e-waste) called the “world’s fastest growing domestic waste stream,” the study also explores the environmental costs of physical destruction and the public sector’s current engagement with sustainable alternatives. Unnecessary destruction increases IT operations and materials costs for fiscally constrained public sector organizations. It also fosters increased e-waste creation during a global call for more prudent environmental stewardship.
Despite 40% of Indian respondents agreeing that reuse of SSDs is better for the environment than physical destruction and almost all respondents (96%) saying their organization had defined plans to reduce the environmental impact caused by destroying IT equipment, only a quarter (26%) are actively implementing those plans.
Security Concerns
For security reasons, physical destruction is still mandated if decommissioned drives were used to store classified or secret data. For unclassified data-bearing assets, other data sanitization solutions are available.
On the whole, respondents were well informed of their country’s or region’s respective data protection laws. However, some respondents’ processes for carrying out compliant SSD sanitization are concerning. For example, 89% of Indian respondents said they reformat drives to sanitize them. Unfortunately, formatting alone can still leave drives vulnerable during transport or storage, and much of the data can be recovered with forensics tools easily available online.
“The Indian government and public sector organizations are responsible for handling some of the most sensitive information in the world. But several factors, including accelerated digital transformation, rising numbers of public sector data breaches and global sustainability initiatives, are changing the data management landscape,” said Alan Bentley, President of Global Strategy, Blancco. “With growing environmental and funding pressures, there is a need for these public sector operations to be more sustainable and efficient while maintaining robust security. Public sector organizations must explore SSD sanitization alternatives to demonstrate prudent use of agency funds and a greater contribution to national and international sustainability efforts.”
“We’ve seen several public sector departments benefit from moving away from destroying data bearing assets to reusing them or building up the circular economy. Our study highlights that there are significant opportunities for policy reform surrounding SSD data protection as national policymakers seek to steward financial, environmental, and data resources entrusted to their care,” added Bentley.
As the report concludes, governments and public sector organizations globally are committing to sustainability improvements, but very few have pushed forward with their implementation. This is resulting in a high cost of SSD destruction and replacement.
With governments and public sector organizations under the spotlight when it comes to spending, it is increasingly urgent that they consider sustainable alternatives that extend device life, maintain lock-tight data security on end-of-life SSDs and, ultimately, save public services millions of dollars.
According to Blancco’s study of 70 public sector organizations, which represents 19% of central government/regional/local government organizations in India:
• 32% of respondents say physical destruction is mandated by law to physically destroy SSDs that contain classified data, so they destroy all SSDs “just in case.”
• 38% of respondents believe that physical destruction is cheaper than other sanitization solutions.
• Almost a quarter (23%) are unaware of alternative methods of sanitization.
• 41% believe there is no certified or approved vendor or solution that provides another option for them, the highest from all the countries surveyed.
• While 42% of respondents stated that they physically destroy drives because it’s more secure than other data sanitization solutions, only 14% strongly agree that they have full confidence in their organization’s physical destruction process (41% slightly agree).
• 41% of Indian respondents’ devices, or the drives alone, are sent offsite for physical destruction