The frightening reality is that storage remains insecure. ESG data suggests that 30% of users do not include storage infrastructure in their corporate security policies and procedures. While servers provide some storage protection, an inside attack could easily result in compliance issues, intellectual property theft or data corruption; all of which could be devastating. Further, the information and media on these systems are put at additional risk when these systems are routinely relocated, reallocated or serviced.
When it comes to fighting data breaches or complying with regulations, organizations must implement an information-centric security infrastructure -- one that protects confidential information, not just desktops, networks and servers. This type of approach has several key components:
- Risk assessments and strong controls
- Data classification
- An information-centric security infrastructure
In this paper, ESG analysts Jon Oltsik and Heidi Biggar discuss the particulars of information security and data erasure, pointing out common misperceptions and overlooked problems -- and explaining why data deletion is not an adequate security measure. They also describe the components of an information-centric security infrastructure, best practices for data erasure and what to look for when retaining data erasure services.