[Étude] Half of French companies erase data from end-of-life equipment

[ad_1]

Its title sums it up perfectly: "A false sense of security." A study *, commissioned by the Blancco Technology group and carried out in August 2019 by Coleman Parkes Research, warns of poor practices in terms of data management. As computer attacks of all kinds multiply internationally, large companies would demonstrate "exaggerated trust", unfounded, which would increase the risk of piracy. If 61% of them say they "very concerned" by the latter, 68% paradoxically admit that they largely use end-of-life devices … which makes them a prime target.

POOR PRACTICE

Of the 1,850 business leaders surveyed, 251 are French. Based on their statements, the study estimates that about "one in two takes considerable risks when cleaning up data". Unsuitable methods, such as formatting, overwriting with non-certified tools or physical destruction (demagnetization, grinding) without audit, are at the top of the vulnerability factors (47%). Ways of doing that "leave the door open to security and compliance issues", according to the study, which found that 8% of companies simply do not carry out remediation.

Another downside for companies: their annoying tendency to accumulate reserves of non-operational equipment on site – up to 87% of them in France, the maximum of the nine countries studied. Thus, only 2% declare immediately erasing data from end-of-life equipment, while 75% wait at least two weeks. "Failure to maintain a clear chain of responsibility", 28% of large French companies even claim not to have an audit trail for the physical destruction process … and 36% confess not to record the serial number of the disks concerned.

A SITUATION TO ADDRESS IN EMERGENCY

The study reveals other trends. Out of 100 large French companies, 20 have not implemented a differentiated process for SSD and HDD drives, running the risk of not deleting all their data and of not complying with the standards in force. In addition, the companies surveyed reported that 20% of their devices are stored on their premises without any specific measures being taken. "A situation which highlights a huge security problem, which they must immediately remedy", say the authors of this barometer.

 "Large French companies worry about data when their devices reach the end of their life. Although they are aware of the risks involved, many of them still decide to adopt an inadequate protection approachsays Fredrik Forslund, vice president of cloud and enterprise erasing solutions at Blancco. This highlights huge, worrying gaps in this sector and among French leaders regarding the security and compliance implications of physical destruction and end-of-life equipment storage. "

BETTER INTERNATIONAL, BUT THE SITUATION REMAINS PROBLEMATIC

Internationally, the situation seems slightly better … even if similar biases are noted. Many multinationals also claimed to use different methods of data deletion. Out of 100 companies surveyed: 17 reported using physical destruction, 13 using erasure or cryptographic encryption, 12 overwriting with free software, and 7 with paid software. "It is particularly worrying that 4% of the foreign companies questioned do not use any data sanitation method", notes the study.

Almost as many companies as in France admit to stocking IT equipment out of service (80%). Only 13% say they immediately erase their end-of-life equipment, compared to 57% within two weeks at best. When asked about their safety concerns related to end-of-life equipment, almost three-quarters of them (73%) agree that the number of end-of-life devices makes them vulnerable to data piracy and more than two thirds (68%) have real concerns about the risks of cyberattacks linked to these same devices. If, in France and abroad, awareness of the risks involved is developed, there are therefore far too few acts.

* Study commissioned by Blancco Technology Group and conducted by Coleman Parkes Research in August 2019, on a sample of 1,850 decision-makers (compliance managers, data protection, IT operations and assets, CIOs, financial managers) from as many companies from over 5000 employees. These companies operate in the United Kingdom, the United States, Canada, Germany, in France, at Japan, in India, in Singapore and in Australia in various sectors: health, public, pharmaceutical, finance, technology, defense, legal, manufacturing, energy, transport and consulting.

[ad_2]