What's the Problem With Solid State Drives?
In January 2016, health insurer Centene lost six solid state drives filled with the names, birth dates and Social Security numbers of approximately 950,000 beneficiaries. The incident highlighted the dangers of over-relying on locally protecting data stored on SSDs. Now, more than a year later, the same slipshod practices continue, according to a recent survey on the security limitations of SSDs from data erasure vendor Blancco Technology Group. In surveying more than 300 IT professionals from North America, Europe and Asia, Blancco found that companies continue to store a myriad of sensitive data on SSDs, and that while they're confident of their use of third parties to manage the data erasure process, they are highly unlikely to have any formal way of monitoring those third parties' processes. The survey also found that companies may be overconfident in thinking that encrypting and reformatting SSDs are sufficient to protect the data once those SSDs are discarded, recycled or resold. "Many organizations and individuals place a great deal of their trust and reliance in encryption and reformatting to prevent data loss and theft from SSDs and minimize their exposure to a potential data breach," said Richard Stiennon, Blancco's chief strategy officer. "We know from our own analysis of 200 used drives purchased from eBay and Craigslist that reformatting of SSDs could result in various types and amounts of personal and corporate information being left exposed and recovered. Organizations cannot afford to be lax in how they manage and erase SSDs—or they could find themselves hit by a data breach."