Cloud computing is convenient, but cloud providers have to carefully consider how to manage secure server decommissioning. Amazon is a leader in the cloud computing market, but it only holds 32% of the share. Smaller companies falling into the “Other” category dominate as cloud providers. Most workers spend time with one or all of the biggest cloud services every day. If your company has remote workers, you’re probably familiar with services like Google Drive and Dropbox.
The cloud is an amazing and scary place. Once files are stored in the cloud, they’re harder to erase forever. Customers may delete a file and think that the file is gone for good, but it’s not. It’s still out there. The only thing deletion does is removes the simple pathway to finding it.
While businesses rely heavily on these services, they may not stop to think about the security measures being used. Cloud providers keep all of this information on floor-to-ceiling servers in their data centers. Those servers and disk arrays get used over and over until they’re no longer viable. At that point, business owners have to trust that data destruction during a decommissioning is done correctly. While you’d think it would be commonplace to meet the regulatory laws and practices used for a server, computer, or other electronic devices, it’s not always the case.
There’s one thing about cloud storage that is so important as a cloud provider. All of them need to carefully plan how to decommission their secure servers. If they don’t, the impact to their customers can be devastating and costly. Any cloud provider needs to take steps to guarantee that secure server decommissioning is a primary concern. Cloud providers who take these steps show customers that they’re the best at what they do.
Establish Procedural Guidelines That Are Always Followed
Establish procedures that are followed any time a secure server is decommissioned. Most data centers have large servers lining the walls and extensive cooling systems to prevent them from overheating. Smaller ones may use a system of storage arrays and computers. Due to this setup, secure server decommissioning is challenging. In most cases, you’re destroying the data and reusing the server.
Go through this process step by step. Start by inventorying what is on the server. Note the secure server’s information such as the serial number of the storage array that information was on. Don’t overlook any files. You need a full list of companies and the records that were stored. This information needs to be placed in an area where it won’t get destroyed, such as a fireproof vault or safe.
You need the process to cover how data is wiped. Deleting it from the server is not enough to guarantee those files are done forever. Purging information from the servers may help, but you need to let customers know how often that happens. If your equipment is no longer being used, data wiping needs to be done by a specialist who knows the data wiping standards required in the U.S. Ideally, the data wiping should be done on-site. Once it’s done, documentation proving the information was wiped must be recorded.
What about the data centers where the servers and disk arrays are located? They may still be being used for new customers. If they’re being recycled, they should go into locked rooms or cages until they’re shipped to an e-recycler for processing. At this stage, you want to make sure that every stage of transportation is documented. If you ship an old external hard drive or computer terminal to an e-recycler, you want to use a reputable shipping company.
With a chain of custody, you want the name of the driver that takes the box. Make sure you get a tracking ID number that allows you to find where the item is during every leg of its journey. Real-time tracking is essential. Once at the e-recycling facility, the chain of custody should give the names and badge information for those who handle the box and take the electronics into the processing area.
Create Clear, Thorough Service Level Agreements
As a cloud system may be found in different regions, systems, and networks, a cloud service level agreement (SLA) is important for both you and your clients. It’s designed to better explain what your cloud service provides, what your responsibilities are, what you guarantee, and what you warranty. How do you protect the information people are storing with your company? If something happens, what will you do to correct the issue? What are the customer’s responsibilities?
In this SLA, you should cover what happens in the case of data destruction and ITAD. Make sure clients are aware that data they delete may not be fully deleted until certain measures are taken. Use terminology they understand. We all know that reading the fine print, while important, can be boring. Try to keep your SLA clear, concise, and easy to understand.
Provide Visibility at Every Stage
During a secure server decommissioning project, make sure visibility is maintained during each stage. Send out emails or make calls giving clear dates when it’s going to happen. Detail what will happen and what your clients will receive as proof of data destruction. If you’re emailing a certificate of data destruction to them, let them know it will be arriving via email.
If electronics are going to be recycled after, let them know who is handling it. Keep them updated with real-time tracking. For example, once the servers and disk arrays are on a truck, give updates when the items arrive at the e-recycling facility and when they are being shredded.
Incorporate Proper Electronics Recycling Measures
If your cloud provider is recycling servers, disk arrays, and other electronics, make sure they are recycled correctly. You cannot just leave them at your local recycling center and hope for the best. You don’t know what your local recycling center does. They may turn around and sell them to strangers. If you hadn’t destroyed data, strangers could recover some or all of the data. Instead, you need to be sure that the company that recycles your electronics follows government regulations. If you take the proper steps, you avoid fines and lawsuits.
Wiping data is first. Shredding the electronics is second. From there, the shredded metals, plastics, and wires are sorted and recycled for reuse.
Partner With an Expert
Who do you trust to help with your decommissioning project? Look for companies that hold ISO 9001, R2, NAID AAA, and e-Stewards certifications. NAID AAA is one to pay particular attention to as it’s awarded to companies that meet the National Association for Information Destruction’s specific criteria regarding data protection.
To hold these certifications, ITAD service providers must undergo strict audits. Many of those audits are surprise audits. If a company takes the care to follow the strict steps and measures that keep your data safe, it’s a good company to partner with. ERI possesses these certifications and goes above and beyond by assigning you a dedicated account manager and specially trained logistics professionals and engineers for your secure server decommissioning.
Don’t be ashamed to admit that secure server decommissioning is beyond your company’s scope. Partner with an expert to make sure you meet regulatory laws, properly destroy data, and responsibly recycle your electronics. Talk to ERI for all of your ITAD needs and data center decommissioning projects.