If you've ever watched a TV show like The Hoarder Next Door, you're all too aware of the problems that can occur from refusing to throw anything away. It makes things messy and cluttered – and makes it virtually impossible to even know all of the different items you have in the first place. And if you don't know what you have, how can you know whether it's actually something worth keeping or something that could easily be removed?
This inability to let go of things isn't reserved just for what you store in your home. It's just as true for data storage inside companies. Yet up and down the land, organisations are collectively guilty of hoarding, doggedly clinging on to data well beyond the point that its continued storage is required or useful. With the cost per TB of cloud storage getting ever cheaper, it can be tempting to allow data stores to grow ever bigger “just in case” that information one day finds a purpose. Why not store all that information “for now” with the intention of coming back to it later when you have big data analytics to glean something from it? But is waiting for some eventual use of data worth the risk of keeping it around and leaving it exposed to a potential data breach? And on top of that, is it worth the expense?
But in reality, we all know how quickly the tasks at the bottom of our to-do lists are overtaken by other competing priorities. Just because something initially appears affordable and convenient doesn't mean it's the best option.
This is particularly true with data hoarding, which over the long term is never a good idea. Let's put aside the security implications for one moment and consider purely how the storage costs alone compound year-on-year. According to the Veritas Global Databerg Report, just 15 percent of the average company's data is business-critical, a third is redundant, obsolete or trivial and another 52 percent is unclassified (dark) data. That leaves 85 percent of data that could – and should – be erased.
To get people thinking about this, Blancco's Data Storage vs Data Erasure ROI Calculator shows just how much money companies could be saving by erasing unneeded data.
Below is an example of the math behind the savings for a company adding as little as 10 TB of data each year. If a company creates and stores 10 TB of data per year, the assumption is that 85 percent of that data, or 8.5 TB, is not business-critical and should be erased each year.
| | Compounding costs of storing unnecessary data | Costs of erasing unnecessary data |
|---|---|---|
| Year 1 | 8.5 TB of data = US$1,275 | 8.5 TB of data = US$1,088 |
| Year 2 | 17 TB of data = US$2,550 | 8.5 TB of data = US$1,088 |
| Year 3 | 22 TB of data = US$3,825 | 8.5 TB of data = US$1,088 |
| Total Cost After 2 Years | US$3,825 | US$2,176 |
| Total Cost After 3 Years | US$7,650 | US$3,264 |
That, of course, is before we consider the wider issues with data hoarding. It leads to excess clutter, opens the door to needless risk and makes visibility and monitoring an absolute nightmare. The more data you hold, the more likely you are to forget that certain data exists. And the more uncertain you are of the types of data that are stored, the more difficult it becomes to prioritise actions to protect your organisation's data privacy. If you don't know what data you have, how can you properly manage it, mitigate the risks and prevent unnecessary data theft? And if you don't have a full picture of the data you're holding, then in the aftermath of a data breach it can be all but impossible to get to grips with the scale of the problem or just how many people could be affected.
A case in point is Yahoo!, whose data hoarding processes were brought out into the open when the hacker “Peace” leaked four-year-old data from 200 million Yahoo accounts onto the dark web. Organisations must recognise that as data ages its usefulness declines, eventually reaching a point at which it is no longer an asset but a burden.
My hope is that incoming regulations, such as the EU GDPR, can prove to be the shot in the arm that organisations need to address this addiction to data hoarding. The stringent penalties and requirements around criteria such as the ‘right to be forgotten’ and data breach notification within 72 hours will hopefully focus CIOs' minds on the importance of permanently erasing data whenever its value is less than the liability, when customers demand it (e.g. closing down accounts) and when regulations require it for compliance purposes.
The first step is to classify the data that already exists, which may sound simple but is often ignored. Only then is it possible to start thinking in terms of data lifecycle management – a comprehensive approach to managing the flow of an information system's data and associated metadata from creation and initial storage through to the point it becomes obsolete and is destroyed. It's also important for companies to know what all of their data storage costs actually are, including soft and hidden costs. Until you know how much money you're spending to store unneeded data, you won't be able to fully see where you could save money by erasing that data. From there, the key is to create processes for classifying and erasing unneeded data and to regularly monitor your data management processes.
It's one thing to hear about the mitigated security risks and compliance other organisations have achieved through data erasure. But it's much more compelling when companies can see the impact data erasure can have on their data storage costs compounded over time. Suddenly, data erasure becomes a critical data security solution that not only minimises exposure to data loss/theft and ensures regulatory compliance, but also delivers a better bottom line.
Contributed by Richard Stiennon, chief strategy officer, Blancco Technology Group
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.