Over-reliance on Encryption Could Mean Disaster
There are many reasons why organizations believe encrypted data storage devices are absolutely safe during transport after being decommissioned. However, even if a hard drive is encrypted, it can still be lost or stolen and end up in the wrong hands. Encryption is by no means a silver bullet for enterprise data security threats, yet some companies are over-reliant on it to protect their data storage devices during transit. Encryption protected by a simple password can be broken, and a determined hacker or thief may still be able to mount more advanced attacks against, or experiment on, an encrypted drive.
It is important to note that encryption of data storage devices is just one component in a total data security solution; it goes hand-in-hand with auditing and reporting, written policies and procedures, and advanced methods of sanitization, such as degaussing. However, challenges with encryption still persist, leaving data breach opportunities available to hackers.
- First, human error can lead an asset or IT manager to believe that a hard drive is encrypted even though it is not. One main reason for this is that there is no visible difference in appearance between an encrypted and an unencrypted hard drive. Should a device end up in the wrong pile during the encryption process, the consequences can be devastating.
- Secondly, the encryption arena is a playground for hackers. Hackers have been known to gain access to encryption keys and lock out users unless they pay a steep ransom.
- Lastly, encryption can be overly restrictive to an enterprise’s productivity. There have been cases where the users of encryption keys accidentally locked themselves out, leaving the data inaccessible even to authorized parties.
Manufacturers that offer discounts for obsolete data storage devices make this return practice appear financially beneficial to their customers. But the potential data breach costs of devices lost or stolen during transit back to manufacturers far outweigh any savings. According to the Ponemon Institute’s annual study of data loss, data breaches in 2011 averaged $7.2 million in losses per breach for large companies, and that amount is growing. Along with the embedded costs of notification, litigation, and assessed fees and fines from state Attorneys General, breaches significantly damage the reputations of companies, as the public perceives them to have lax security practices.