A game of hide and seek – the mystery of modern data

Data erasure

Philip Bridge, President at Ontrack shares his insight on data erasure on Top Business Tech, this time with a focus on the different types of data a business stores, and how you can effectively implement a data erasure policy.

Today, every business from large multinational blue chips to small family run start-ups have data at their core; and at unprecedented levels. In 2018, the global volume of data was thought to be 33 zettabytes (ZB). Yet, IDC predicts that number will balloon five-fold by the middle of the decade.

Whilst corporate data holds great value, it also carries a great risk. The more data your organisation deals with, the greater the risk of its exposure. However, where that data resides is often a mystery. From Word docs to Excel spreadsheets, emails to SQL databases, files can be copied and moved at will. This means keeping a full inventory of your data is almost impossible. It has become a game of hide and seek that IT departments would rather not play.

The need to protect data


Keeping sensitive data safe and secure should be a priority for any business. In recent times, there has been a wealth of increasingly stringent regulations designed to protect data that businesses must adhere to. One such regulation is the General Data Protection Regulation (GDPR) that came into force back in 2018. It gained widespread coverage and is seen by many as the catalyst to why businesses are wanting to assess their data collection and storage systems. And for good reason. The financial penalties of failing to do so with GDPR are significant. Businesses that fall foul of a data breach face a fine of €20m or 4% of annual turnover (whichever is greater).

GDPR is just the tip of the iceberg though. Each industry has a multitude of its own rules and regulations that IT Managers need to be cognisant of and ensure that their business complies to.

The three types of data


Before you find your data, you need to know what you are looking for. Whilst each business is different, the type of data they hold generally falls within three distinct areas. Firstly, there is customer data. This includes personally identifiable information (PII) such as name, address, account numbers, financial data and – depending on the industry – health information such as medical records. Secondly, there is employee data, which is similar but will also include salary and performance review information. Finally, there is corporate data such as intellectual property (IP), research and development data, details on mergers and acquisitions, financial results and other sensitive operational information.

Once you know what types of data you have within your organisation, you should categorise it depending on its confidentiality. This will ensure it is dealt with correctly when no longer needed. The ‘NIST 800-88’ published by the National Institute for Standards and Technology in the US is the go-to document for this. It provides guidelines to how organisations worldwide should effectively sanitise media so that data is irretrievable once the data or data storage device reaches its end-of-life.

The basics of a data erasure policy


Creating a clear data erasure policy is essential, particularly in highly regulated industries. It should cover all the most popular storage technologies – whether that be magnetic or flash-based. Further, it should cover the plethora of ‘end points’ found in a modern organisation such as servers, USB drives, laptops, tablets and other mobile devices.

It is important at this stage to remember that ‘delete’ does not mean the same as ‘erase’. There is a common misconception that simply reformatting the storage medium or hitting the delete button are secure erasure methods, but they rarely are. Data deletion leaves data recoverable, while data erasure is permanent. Confusing the two can lead to organisations leaving themselves vulnerable.

The levels of data of sanitisation outlined within the NIST 800-88 are:

  • Clear – which applies to logical techniques to sanitise data for protection against simple non-invasive data recovery techniques, Typically, this applies to rewriting with a new value or using a menu option to reset the device to the factory state.
  • Purge – which applies to state-of-the-art physical or logical techniques to render data recovery infeasible.
  • Destroy – which as well as rendering data recovery infeasible, results in the subsequent inability to use the media for future storage of data.

Make sure you pick the correct sanitisation method for your data.

Don’t cut corners


In these times, when working from home has become the norm for many, a company’s data is more dispersed and difficult to keep track of than ever before. The need for effective data erasure has never been more important. Unfortunately, the confusion about what constitutes the correct data sanitisation method continues. This is leading to businesses increasing the change of them suffering a data breach or cyber-attack.

Ensuring your business is using a proven data erasure tool will go a long way in safeguarding your critical data so that it doesn’t fall into the wrong hands. Only then can you keep the data of you and your customers safe so that you can obtain certificates of erasure that are audit-ready and meet compliance needs.


Philip Bridge

Philip Bridge, President of Ontrack. Ontrack understands data; it draws on its expert engineers and R&D facilities to solve customers data management challenges at different stages of the data lifecycle.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...