A third of the world’s largest enterprises use inadequate data sanitization to prevent data breaches at end-of-life

Gaps in data sanitization knowledge and policies mean global enterprises are putting their organizations at risk of security and compliance breakdowns.

New research launched by Blancco Technology Group outlines the current misconceptions that prompt so many decision makers to mistakenly choose inadequate data sanitization methods and put their organizations at risk. Blancco’s study, A False Sense of Security, produced in partnership with Coleman Parks, highlights how global enterprises’ overconfidence is exposing the organizations to the risk of data breach, at a time when proper data management should be at the forefront of everything they do. Three quarters (73 percent) agreed that the large volume of different devices at end-of-life leaves their company vulnerable to a data security breach, while 68 percent said they were very concerned about the risk of data breach related to end-of-life equipment.


This survey of 1,850 senior leaders from the world’s largest enterprises in APAC, Europe and North America reveals that more than one in three organizations take considerable risks with the way they sanitize data at end-of-life. These risks include:

·Using inappropriate data removal methods – 36 percent reported using data wiping methods such as formatting, overwriting using free software tools or paid software-based tools without certification or physical destruction (both degaussing and shredding) with no audit trail. These methods are not fully secure and can leave businesses open to potential security and compliance issues. But what’s of particular concern is that 4 percent of these enterprises are not sanitizing data at all, leaving them wide open to attacks.

·Keeping large stockpiles of out-of-use equipment within the company and not dealing with them within a suitable time frame – 80 percent of enterprises admitted having a stockpile of out-of-use equipment sitting in storage and 57 percent reported taking longer than two weeks to erase devices, adding to the risks of potential internal data breaches and lost data.

·Failing to maintain a clear chain of custody with an appropriate audit trail for end-of-life assets, including during transportation to an offsite destruction facility – 17 percent of enterprises report not having an audit trail for the physical destruction process, and 31 percent admitted not capturing the drive serial number. This lack of chain of custody controls means these enterprises are running the risk of data breaches and non-compliance.

The research also reveals that 17 percent of global enterprises use physical shredding or degaussing for end-of-life devices, even though shredding does not always provide a true, certified audit trail that spans the full chain of custody lifecycle.

“Global enterprises are clearly concerned about data when devices reach end-of-life; however, despite knowing the risks involved, many still choose to use an inadequate approach to protect their organization,” said Fredrik Forslund, Vice President, Enterprise and Cloud Erasure Solutions at Blancco. “This points to a huge and worrying knowledge gap within the sector and among senior leaders about the security and compliance implications of physical destruction and end-of-life equipment lying around.”

Other key global findings include:

·A fifth (20 percent) of global enterprises (33 percent in U.S./Canada and the U.K.) do not have a different process for dealing with SSD drives compared to HDD drives and are running the risk of not having all the data appropriately sanitized and being in non-compliance with industry standards.

The enterprises surveyed also reported that 18 percent of their devices are left somewhere within the company with no action. This highlights a huge security issue and one that should be dealt with immediately.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.