In our increasingly digital world, hot-button security topics tend to focus on protecting cloud assets, dealing with the Internet of Things and keeping personal information safe when working with big data. However, many organizations end up focusing so heavily on the digital world that they forget to keep their physical assets safe. This trend is especially evident in the health care industry, where organizations are facing mounting pressure to digitize quickly and physical data is becoming increasingly difficult to deal with. Hard disk drives are central in this changing environment, as health care companies going digital must consider the physical location where data is stored.
Understanding the physical security problem
The big problem with securing physical items is the need to control them. Think about how organizations tend to secure digital data. They establish:
- Clear workflows for where data can travel within the IT configuration.
- Defined user authorizations that ensure data is not accessed by those who shouldn’t see it.
- Network parameters that safeguard data in transit and control how information moves.
Applying these same parameters to the physical world is extremely difficult. What’s to stop a hard disk from getting stolen in transit, lost or simply forgotten in a back room? If these kinds of situations sound trivial, consider a recent incident with the National Health Service in the U.K. According to a report from The Register, clerical errors between the NHS and one of its partners led to more than 200,000 patient letters being misplaced over the course of five years.
The news source explained that these letters, many of which contained critical information and patient updates, were accidentally stored away in a warehouse due to a systematic error in how the assets were handled. Industry expert Tony Pepper told The Register that this problem stemmed from the challenges specific to managing physical data assets.
“Physical data is inherently less secure than digital – it’s difficult to trace, goes missing easily and is often open to interference,” said Pepper. “While digital records have their own set of challenges, with the right foresight and security and compliance mechanisms in place, it’s far less likely to go missing or be subject on this scale to the same issues of human error.”
These paper-related problems extend directly to how organizations handle hard disk drives. If you are shipping HDDs to third-party specialists, you must be sure that nobody tampers with devices in transit, that every single disk gets to the destination without being accessed by an unauthorized individual and that each item is properly destroyed by the third party. As the NHS learned, it can be extremely difficult to gain visibility into what is happening at a third-party location and secure physical assets once they are out of your hands.
Maintaining control of assets is critical when it comes to physical data security, and organizations that are becoming more reliant on digital data need to consider the physical security implications of that move. Protecting hard disks, particularly when decommissioning devices, is critical.
Taking care of what you can control
As companies continue to explore emerging technological models, particularly cloud computing, many are thinking they can rely heavily on third parties to keep their data safe. However, a HealthITSecurity report explained that many security vulnerabilities exist within organizational data workflows. In fact, the news source pointed to a Gartner study that found 95 percent of cloud security breaches between now and 2020 will be the customer’s fault, not that of the cloud providers.
This study puts hospitals and other care providers in a difficult situation when it comes to managing physical data assets, such as hard disks. On one hand, relying on third-party providers to handle data stored on physical media can lead to problems beyond your control. On the other hand, organizations that struggle to optimize their own data workflows can end up facing considerable risk.
As hospitals embrace a move away from paper and to digital, hard disks become critical physical data assets that must be managed with care. However, they also tend to be neglected when it comes to data security plans, as many companies don’t think about what to do with HDDs until they need to decommission a bunch of systems. Having a plan in place to manage HDDs through this process is critical, and destroying a hard drive may not be as simple as it seems at first glance.
Managing HDD destruction with care
A typical component of hard disk destruction is shredding the disk. Many organizations will take batches of hard drives and ship them out to third parties for destruction. In health care, this often means setting up new workflows for disk management and relying on a partner to track every phase of the operation to ensure regulatory compliance. This is where disk degaussers can be used to help companies maintain control of their data workflows and avoid dependence on third-party providers.
A disk degausser uses a magnetic charge to erase a disk. This is more effective than physical and software destruction in a few key ways, including:
- It completely erases data, whereas software wipes leave information recoverable by data forensics.
- It uses magnets to depolarize the disk, making data completely inaccessible. Shredding leaves data on remaining parts of the disk available for extraction.
Leading degaussers are certified for compliance with key standards, such as HIPAA, and investing in such a solution allows your IT teams to quickly erase disks once they are removed from computers, servers or similar devices. This allows health care organizations to maintain control over their data workflows, depend less on third-party partners and properly destroy data to keep it safe.