During the past year, we witnessed a shocking increase in data breaches and data breach costs, with the average cost of a breach in the public sector having surged by 78.7% globally between 2020 and 2021. That, combined with the increased potential for cyberattacks due to the instability in the current geopolitical climate, leaves organizations with an enormous responsibility to their citizens, especially as the importance of privacy and data protection grows among citizens and lawmakers.
Blancco, a leader in data erasure and mobile lifecycle solutions, released an eye-opening new report that reveals shortcomings in public sector policies on device sanitization. The report, titled, The Price of Destruction: Exploring the Financial & Environmental Costs of Public Sector Device Sanitization, commissioned by Blancco and conducted independently by Coleman Parkes Research in December 2021 and January 2022, analyzes data from 596 government employees in nine countries: the United States (U.S.), Canada, the United Kingdom (U.K.), France, Germany, Japan, Singapore, India, and Australia. Fifty-five percent work for organizations between 1,000 and 4,999 employees, and 45% work for more than 5,000 employees.
The report shows trends that point to opportunities to improve the financial, environmental, and data sanitation and security practices within public sector organizations. Specifically, Blancco’s survey found that a lack of best practices costs government organizations millions of dollars, creates environmental challenges, and puts U.S. public sector data at unnecessary risk. These findings were consistent in the U.S., Canada, and the seven other countries where IT leaders at government agencies were surveyed.
Millions of dollars spent on unnecessary physical destruction of storage devices
While physical destruction is still mandated if decommissioned drives were used to store classified or secret data, other data sanitization solutions are available for unclassified data-bearing assets. Unnecessary destruction increases IT operations and materials costs for fiscally-constrained public sector organizations. One of the study’s main findings was that public sector organizations represented spend as much as $17M annually on the physical destruction of solid-state drives (SSDs), a data storage device widely used both independently and within laptops, desktops, and servers. Between 37% and 45% of our respondents’ devices, or the drives alone, are sent offsite for physical destruction; and between 23% to 52% of organizations within a country believed that physical destruction was cheaper than other data sanitization solutions, including those that would facilitate reuse and longer device life. Almost a quarter of respondents (22%) said they are unaware of alternative data sanitization methods, and 35% believe no certified or approved data sanitation service or solution provides another option for them (which is not accurate).
Additionally, replacement costs added another $40M, bringing expenses up to $57M for destroying public sector technology that is often still usable. For 70 organizations surveyed in each country, the costs for SSD destruction and replacement reached between $6.9M and $7.3M for the U.S. and between $4.3M and $4.6M in Canada.
As supply chain issues and global chip shortages intensify amidst global instability and pandemic aftermath, reusing and recycling IT equipment is becoming increasingly worthwhile from an operational perspective.
Increased e-waste creation from the destruction of IT assets raising environmental costs
Beyond the cost perspective lies a growing concern for sub-par environmental practices. Despite 54% of respondents agreeing that reuse of SSDs is better for the environment than physical destruction and almost all respondents (93%) saying their organization had defined plans to reduce the environmental impact caused by destroying IT equipment, less than a quarter (21%) are actively implementing those plans.
Furthermore, 41% of global respondents say physical destruction is mandated by law to physically destroy SSDs that contain classified data, so they destroy all SSDs “just in case.”
Increased e-waste creation from the destruction of IT assets is misaligned with the global call for more prudent environmental stewardship. The report findings in this sphere highlight that the public sector’s current engagement with sustainable alternatives can be significantly improved.
Public sector IT leaders using vulnerable processes for data sanitization
On the whole, respondents were well informed of their country’s or region’s respective data protection laws. However, some respondents’ processes for carrying out compliant SSD sanitization are concerning. For example, 78% of respondents globally (83% in the U.S.) said they reformat drives to sanitize them. Unfortunately, formatting alone can still leave drives vulnerable during transport or storage, and much of the data can be recovered with forensics tools easily available online.
Additionally, 37% of respondents are “aware of only” the NIST SP 800-88 r1 and do not know guideline details.
According to Alan Bentley, president of Global Strategy at Blancco, several factors, including accelerated digital transformation, rising numbers of public sector data breaches, and global sustainability initiatives, are changing the data management landscape. He states: “With growing environmental and funding pressures, there is a need for these public sector operations to be more sustainable and efficient while maintaining robust security. Public sector organizations must explore SSD sanitization alternatives to demonstrate prudent use of agency funds and a greater contribution to national and international sustainability efforts.”
He adds: “We’ve seen several public sector departments benefit from moving away from destroying data-bearing assets to reusing them or building up the circular economy. Our study highlights that there are significant opportunities for policy reform surrounding SSD data protection as national policymakers seek to steward financial, environmental, and data resources entrusted to their care.”
The survey findings did show that governments and public sector organizations are committing to sustainability improvements; however, very few have been driving implementation, which, in turn, is resulting in a high cost of SSD destruction and replacement.
For full analysis, read the report here: www.blancco.com/the-price-of-destruction.