Enterprise businesses trust ITADs to securely destroy their IT assets to the point that data cannot be recovered. Adding an additional level of security with software-based data erasure guarantees that even the most challenging IT assets (like SSDs) are completely wiped prior to destruction. Erasure also fits within Article 17 of GDPR requirements, the ‘Right to Erasure,’ which requires businesses to permanently remove customer information upon request. Learn how you can prepare your organization to meet these requirements in this session with Fredrik Forslund, Director of Cloud and Data Center Erasure Solutions for Blancco Technology Group.
Franck to open up and kick it off to our partners & intro the subject at a high level.
Fred to discuss how organisations traditionally consider the asset lifecycle and how that has been the ITAD industry platform; however, end customers are changing their way of thinking to consider the information lifecycle and actively manage data. This leads to new business opportunities for those who already help with assets…now help with on-site services.
The Global Databerg Report found that only 15 percent of organizational data was business critical. The other 85 percent was either redundant, obsolete, trivial, or considered dark data. Source: http://blog.shi.com/2016/07/05/heres-why-unstructured-data-is-putting-your-organization-at-risk/#.WLm0-IWcHIW
Article 58 of the GDPR provides the supervisory authority with the power to impose administrative fines under Article 83 based on several factors, including:
The nature, gravity and duration of the infringement (e.g., how many people were affected and how much damage was suffered by them)
Whether the infringement was intentional or negligent
Whether the controller or processor took any steps to mitigate the damage
Technical and organizational measures that had been implemented by the controller or processor
Prior infringements by the controller or processor
The degree of cooperation with the regulator
The types of personal data involved
The way the regulator found out about the infringement
Regulators have the authority to levy a fine in an amount that is up to the GREATER of €20 million or 4% of global annual turnover in the prior year. Examples that fall under this category are non-adherence to the core principles of processing personal data, infringement of the rights of data subjects and the transfer of personal data to third countries or international organizations that do not ensure an adequate level of data protection.
A lot of big providers of cloud (Microsoft and Salesforce) – if a company is going to store data in their cloud,
Physical level:
Drive eraser to target the entire physical drive
Logical/virtual:
Increasing awareness and demand where we erase on the logical level (we can’t capture drive serial numbers or NIST purge)
Fred to present
What kind of IMPACT does this make to an organization?
To talk about the impact, it is important to talk about the data that exists that we call “dark”.
What is dark data: According to Gartner, it is the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes.
IBM estimates that this will rise to 93% by 2020, giving the example that cars will be generating 350MB of data every second, all of which will need to go somewhere. Dark data is different for each industry and individual company, but common examples include:
⦁ Spreadsheets (in one study, a business with 1,500 employees had 2.5 million spreadsheets, amounting to billions of cells of data)
⦁ Multiple old versions of documents
⦁ Email attachments and .zip files that are downloaded and then ignored
⦁ Inactive databases and unused customer information
⦁ Previous employee files and content (e.g. project notes)
⦁ Analytics reports and survey data
⦁ Log files, account information and transaction history
Ultimately, it’s data that’s left behind from processes, scattered across every level of a business. It’s disregarded and considered unnecessary by one department, but may be highly valuable to another.
With Blancco, you can support the data retention and safe disposal policies you have in place. The policies should be aligned with the prescriptions of the Department of Defense. Carefully formulate policies identifying data for erasure or destruction. Good retention policies will help you retain valuable data for later use.
Problems of keeping dark/unstructured data – increases attack surface, cost of storing, cost of breach
Then what are your options? Cost is higher if you keep data actively, lower if you keep it in a passive archive, and even lower if you erase it fully.
Franck to present
Please use this document as reference http://download.blancco.com/download/en-bp-optimizing-your-it-budget-cost-of-cloud-data-storage-vs-data-erasure.pdf
https://cdn2.hubspot.net/hubfs/1624046/IDGE_Data_Analysis_2016_final.pdf?t=1496694598964
This 2016 research by IDG, covering 724 IT decision makers, states as follows:
“Almost a quarter of respondents (19%) are managing less than a terabyte of data, while only 7% are managing more than a petabyte. Although the average company manages 162.9TB of data, the average enterprise has 347.56TB of data, seven times as much data as the average SMB with 47.81TB.”
Franck to present
What data should we keep for how long & why. EOL – what process do they have in place? If they haven’t yet decided we can offer Blancco solution…slide??
Real trigger for these global customers where their customers are residing in the EU/UK or their customers have customers in their database.
Center around the EU GDPR trigger to set the stage to make sure we are educating them on the EU GDPR and what is on the horizon for organizations in the US that have clients on a global scale.
Keep this simple – clearly articulate what you have to HAVE to.
Produces a 100% certified data erasure and tamper-proof audit trail, so you can ensure compliance with industry standards and regulations, including PCI DSS, HIPAA, SOX, ISO 27001, ISO 27040 and EU General Data Protection Regulation
Typical User Data:
Personally identifiable information, such as names, addresses, and photos
Health records
Financial records or customer data
75000 DPOs
India example and more……..data moving to local storage and trust in data management becoming a competitive advantage,
“Treat all customer data like EU citizen data”