The current legal and regulatory environment has brought effective data management firmly into the spotlight for organisations both large and small and across all industry sectors. As the tsunami of big data continues to gather pace, organisations are becoming more aware that they need ready access to current and historic data in order to respond to the regulators and internal stakeholders alike.
Data must be accurate, accessible and easily searchable. On the flip side, there is increasing pressure to ensure that personal data is stored within the confines of Data Protection legislation. In particular, organisations need to ensure that they delete sensitive information from PCs or mobile devices before they are disposed of or recycled.
This article examines the broad range of risks that today's organisations face when managing data, from dealing with new phenomena like Ransomware to asking the right questions about cleanroom quality standards.
Managing corporate data effectively
Recovery from tapes
When tape storage media fails, the only option for most companies and personal users is to consult recovery experts that have the experience and the resources required to search, extract, and recover your data. They are usually able to rescue files from all the typical disaster scenarios involving tape media, such overwritten tapes, snapped or burnt tapes, software problems or backup failures.
Data destruction is harder than it looks
The rise in data breach scandals highlights an important fact –data destruction is harder than it looks. Turning to professional help is the best option- but how do you know who to turn to for help? So many companies with the right intentions have been caught out using the wrong IT partners to remove data before they recycle old computers. A good example is the fate of NHS Surrey, which was fined £200,000 after losing sensitive information about 3,000 patients.
The data destruction company it chose to get the computers ready for recycling didn’t properly eliminate the records- they simply crushed the hard drives.
Permanent erasure can only be achieved with specialist tools
The only way to guarantee the permanent erasure of data is through the use of accredited erasure software that meets government data deletion standards. It should also provide you with erasure verification reports and a detailed audit trail for legal compliance.
For non-functioning devices, companies can buy or rent a degausser to delete data. If a DIY solution is not an option, find a reliable asset disposal service that can provide references or case studies for erasure products and services.
The case of Computeraid – a UK charity that gets it right
NHS Surrey could benefit from shadowing the processes put in place by charities that have successfully prevented data breach –especially those recycling their electronic devices for reuse in other nations. A good example is Computer Aid, which processes over 3,000 donated PCs and laptops each month to projects all over the world.
For years they’ve relied on Ontrack Eraser software from Kroll Ontrack to ensure that every donated PC has its data permanently and securely wiped before it is reused. According to the charity, disk drive wiping is a vital part of the process of refurbishing a PC, because it reassures the donor organisation that none of its data is being shipped overseas. It also reassures the recipient organisation that the PC is fully refurbished, rather than merely recycled.
Investigators at the Environment Agency have warned that many of the computers being sent abroad by firms may contain sensitive information that can potentially be used for fraud. Before any recycling takes place, donors should do their homework and find out which charities and recycling organisations have a policy for total data erasure using a failsafe approach such as Ontrack Eraser Software.
Pre-legal and non-legal e-discovery
Emails dominate communication in today’s business environment and are likely to contain vital pieces of information that can help companies track key events, employee behaviour and information exchanges. Emails are therefore viewed as a sub-set of electronically stored information (ESI). They are valid legal documents and are governed by a variety of regulations and statutes regarding retention.
When litigation or regulatory matters arise, IT administrators are the ones who are tasked with identifying, preserving, and collecting potentially relevant data from live environments, as well as backups, with minimal disruption and often limited resources.
But the collection process must be undertaken with care because companies must have a consistent and defensible preservation and collection process. The failure of adequately retaining and producing email records have cost companies millions of pounds, demonstrating the importance of having the right data collection tools. In particular, it is very important that the right techniques and tools are used so that the collected metadata remains exactly as it was on the servers or machines that it came from.
IT is best-placed to perform the collections, given that they have access to various people’s server locations and are also able to get to their desktops and image or remotely collect them. While the legal team has the understanding of how to preserve evidence, they won’t have access to the complete IT environment or know where everything is stored and hosted.
Collecting specific Exchange data
To collect Exchange data, beyond getting what’s on Outlook or a desktop or laptop (for example, files or emails that may have been deleted) legal will tend to direct and make requests, while IT will select from the actual server location and backups.
To get data from the live server, normally IT would have to set up a copy of the Exchange environment and migrate copies of the data over so they’re not affecting the actual production server: this is a very labour and resource intensive activity.
The key benefit of using Ontrack Power Controls (OPC) from Kroll Ontrack is that it maintains the metadata, hence making it legally sound to be used in court. It can also work with Exchange backups (EDBs) to shorten the process of data collection. Typical collections include information from previous years, which means that only backups would contain the required data.
The same process happens when the team is accessing data from SharePoint. Using Extract Wizards, IT can work with backups stored on disk or tape – they can open up the backup and access whatever specific data, mailbox or email is needed.
The difference in the time required to recover data between using OPC and Microsoft native tools is typically minutes versus hours. Other tools can even take days. Obviously every situation is different so there is no specific benchmark, but in general there are fewer steps involved and no need to write a script, which would be required by other tools.
The data that IT finds can be exported to legal for use within their e-disclosure tools and to an alternative network location where the legal team is hosting all of the information for a case.
How to choose a data recovery partner
Recent research from Kroll Ontrack found that more than 10 per cent of the media sent to them for recovery had been previously opened, which diminishes the chances of a successful recovery by more than 45 per cent. It represents a large volume of unnecessary data loss when you consider that Kroll Ontrack processes more than 50,000 recoveries a year.
It also poses questions about the capabilities of data recovery companies when it is necessary to retrieve data in a clean room environment. A hard drive is a sealed unit, specifically designed to keep any debris from entering while it is in use. The read-write heads inside that drive are designed to float over the platter surface while it’s spinning, usually at speeds anywhere between 5,400 and 15,000 rpm. When dust particles enter the unit while it is spinning at full speed, the smallest of particles can make their way between the heads and the platter surface, causing the heads to crash.
A clean data recovery environment is a devised system for routing the air flow on rows of workbenches in an arrangement based on high-quality submicron particulate air filters that trap the smallest particles. These systems use special HEPA filters (high efficiency particulate air filters) that filter out suspended particles only 0.5 micrometres in diameter. As an example, all Kroll Ontrack workbenches follow ISO 14644-1 class 5 standards.
Clean room standards are not the only criteria for choosing a data recovery partner. Having accredited and experienced engineers performing a recovery is paramount to success, since the growing complexity of storage platforms is making it difficult to recover data when things go wrong. Only providers that invest in R&D will have the most up to date solutions for the latest/newest technologies. Important questions to ask include:
- Can the engineers recover data from all types of storage platforms, including SSDs and virtual environments?
- Can they recover data from all content types and does the organisation partner with hardware and storage manufacturers?
- Does the data recovery partner have certification for data security, handling, processes and staffing standards?
- Can the provider retrieve bespoke client data?
- Does it have a clean room and laboratory to safely open, repair and recover from media storage devices?
- Does it have available parts to deal with emergency recoveries?
- Can it provide 24 x 7, year-round customer service?
The risks presented by corporate data are many and varied, and will only grow in complexity. Data recovery and destruction, as well as data management and accessibility will continue to top the lists of must-do processes for IT managers, who must take an increasing role in ensuring that their organisation is fully compliant and ready to meet the requirements of the regulators.
Phil Bridge is the managing director of Kroll Ontrack.