How growing automation and new IoT devices are creating challenges for data destruction

IoT-enabled devices are spreading and wearable technology is allowing people to store even more data on their person.

 

For decades, data destruction revolved around the computer. Employees would leave their home and whatever technology they had there to go to work, where they would record data on typically one machine – a desktop computer. When it was time to decommission that machine, a hard drive degausser – technology that corrupts the magnetic waves governing a hard drive – would be used to render the machine permanently unreadable.

That time is over. Beginning in the late 1990s, laptops emerged as the first portable piece of substantive technology. Cell phones grew increasingly sophisticated until they became smartphones, essentially computers able to be carried in the pockets of all employees and executives.

For a time, companies embraced this – adopting a “bring your own device” to work mentality. After all, employees’ personal devices could provide additional hardware power that the budget-allowed standard computer could not. However, growing cybersecurity awareness has shown what a danger this can be.

While BYOD is on the way out, the smartphone is here to stay. More than that, new technology is emerging. Internet of Things enabled devices are multiplying at an incredible rate, and wearable technology is allowing people to store even more data on their person.

“Drones are frequently supplemented with cameras or sensors.”

Drones and UAVs
While a lot of attention has been paid to the rise of drones in the consumer and military markets, many industries have begun implementing unmanned aerial vehicles to accomplish tasks. Drones by themselves are primarily used by the packaging and shipment industry. Amazon Prime Air is an example of how the online retail giant is looking to UAV tech to improve its delivery service.

However, drones are frequently used with supplemental data-recording enhancements – namely cameras or sensors. Depending on how they’re programmed, UAV cameras can capture a mix of professional and potentially invasive footage. For example, an agricultural camera recording an aerial view of a cornfield may also capture interior footage of a car driving alongside said field.

In terms of sensors, the data is less likely to invade personal privacy. That said, it will arguably be more valuable to the company in question. To return to the agricultural example, an aerial view of the field is useful but a scan measuring soil fertility is invaluable.

Regardless, drones must be equipped to gather data. According to ComputerWorld, many drones use combinations of CompactFlash or SD cards. However, plans exist to install solid state drives – provided they do not take up too much of a drone’s limited power supply.

Many industries believe that drones – or some form of their descendants – many represent the new common worker.

Whatever the storage, companies should be aware that UAVs are a new source of confidential data. Unlike computers, however, drones frequently leave company property. This form of data storage may be the least secure yet.

In 2016, Wired recorded an article where a dutch hacker took down a $35,000 police drone from over a mile away. Luckily the hacker in question was not trying to steal secrets but rather draw attention to the serious security flaw. In another potential drone security hazard, the American Government is currently pursuing laws that would allow them to shoot down any UAV deemed to be a hazard. While most commercial drones would be entirely safe from this law, a single mistake could be potentially disastrous in terms of the data lost.

Drone crashes cannot be counted on to destroy the data storage. While new security measures will likely have to be created to fully protect UAV technology, in the meantime, drones should be treated like any other piece of confidential data storage. Data should be routinely overwritten and all types of data storage (flash media or otherwise) should be destroyed or shredded once a device is decommissioned.

Driverless smart cars and other equipment
Another emerging piece of automated, IoT-enabled technology is the driverless car. While many companies keep the exact nature of their data storage a secret, it is possible to make a few educated guesses. First off, according to Intel, the computer in a car needs to be able to process terabytes of data at incredible speeds.

Unlike UAVs, cars have much more ability to power their data storage devices. A SSD is the likely possibility, compounded by various forms of flash media. Driverless vehicle use is already emerging in major cities and its usage is set to grow dramatically in the next decade.

Like drones, these vehicles will represent traveling swaths of confidential data. An already-serious crime like carjacking will take on new levels of danger – particularly if it is a company car that is stolen. Companies must have remote data wipe and overwriting software in place.

All vehicle SSDs and flash media storage should also be destroyed or shredded whenever a device is about to be sold or retired. While car mechanics will likely offer this service as part of a driverless car maintenance package, it is always safer to keep data destruction an in-house operation.

In order for driverless cars to work properly, they will need to send out and receive large amounts of data.

IoT-enabled everything
It is often said that data will be the currency of the future. The growth of IoT-devices certainly makes this a possibility. Smartphones and smartwatches are currently the highest profile items in this technology space but more are expected to be announced. In certain industries, employees are already wearing headsets – typically ones that produce augmented reality overlays – and in others they are gathering data from an environment of interconnected diagnosis machines.

Given their typically small nature (or limited space available for data storage), the vast majority of these devices use flash media. These devices operate by connecting to the cloud, allowing them to communicate easily with one another and transfer data. That said, cloud networks are typically less secure as they only require one point of entry to be completely exposed. Many companies also mandate backup standards that sometimes place files into the cloud long after they’ve been permanently erased from a hard drive.

While some wearable devices like the ReVault smartwatch promise enhanced security measures, companies should use extreme caution. Much of the danger today comes from the fact that many wearable devices are not exclusively for business use. Employees and executives are continually mixing business and personal on their portable machines, meaning that companies do not own the device or all of the data.

As IoT-enabled devices become more mainstream, companies should mandate additional corporate technology besides a traditional computer. IoT-devices are designed to talk to one another, placing personal data too close to corporate secrets. Switching away from personal devices is the best way to keep the two networks separate.

“Multimedia shredders are the best tools for destroying data that is not stored on hard drives.”

Destroy any data that cannot be degaussed
All confidential data, no matter from what device it comes, should be destroyed before it leaves a company’s jurisdiction. Multimedia shredders are the best tools for destroying data that is not stored on traditional hard drives. Smaller solid state shredders are also useful, although they do not have quite as much versatility.

Companies wishing to be on the forefront of technology must keep in mind the ever developing cybersecurity concerns. While highly mobile data collectors like UAVs and driverless cars will be very useful, they represent new risks to a company’s corporate infrastructure. A data destruction policy needs to be keep updated and all-encompassing.

Proton Data Security: