Simple query – what number of drives does this server have?

If you happen to counted six, you’d be incorrect. 

Think about this situation in case you’ve been requested to decommission a server and you should account for the drives within the machine as a part of your inner course of for dealing with information bearing gadgets or media. You’ve eliminated the drives from the entrance of the server, so that you’re all set, proper? You report again into your system of report that these drives have been eliminated and also you ship the machine to your reseller or supplier – then the reporting despatched again to you exhibits that there was media nonetheless within the server, and even worse you discover out from whomever bought the unit that they discovered your information on the machine. What offers?

Seeing Is not All the time Believing

Whereas it’s simple to account for storage media and gadgets which are readily obvious and observable, the reality is that many gadgets comprise information that you just simply can’t verify the presence of with out realizing it’s there. This may be particularly difficult when a server or storage machine is within a rack that’s absolutely cabled up and within the presence of different manufacturing servers, so you possibly can’t pull it out to search for your self previous to disposition. With the appearance of smaller type issue drives reminiscent of M.2, EDSFF, mSATA and different flash media reminiscent of SD/MicroSD/CompactFlash and so on., it’s turning into more and more extra frequent to seek out these smaller drives within gadgets as effectively, both connected to the motherboard, on a PCI-E enlargement card, out of band administration machine, and so on. Configurations and different information may also be contained in non-removable inner storage areas reminiscent of NVRAM. It’s now not as simple as trying on the entrance of a machine to find out the storage gadgets held therein.

A Sage Buyer Perspective

A Sage buyer skilled this situation just lately – the drives from the entrance slots had been eliminated by the consumer; nonetheless upon receipt at our processing middle our technicians discovered a hidden drive within the unit and we inventoried and secured the drive by means of our NIST compliant erasure processes. Regardless of the consumer’s greatest efforts, their crew didn’t fully safe the server earlier than it was faraway from the situation as per their Data Safety crew’s necessities, and doing so would have required disassembling the server and realizing the place to look. Sage offered the consumer with photographic proof of the drive and offered a Licensed Knowledge Erasure Report confirming the erasure was carried out and profitable. This complete occasion made for an eye-opening expertise for our consumer and one which additional demonstrates the worth of a mature ITAD supplier, expert in applied sciences supported by the group.

Is Your ITAD Supplier Addressing These Eventualities?

When choosing an ITAD service supplier, be sure to search for one which has the processes and procedural rigor to function in eventualities just like the one talked about above, which embody figuring out and sanitizing the information on these gadgets. A mature supplier might be one which is aware of about these “gotchas” and maintains a database of merchandise together with the product class, make, and mannequin that acknowledges when a tool is information bearing, even when it isn’t instantly apparent (not all information sanitization is as cut-and-dry as erasing a tough drive!).  Your supplier also needs to carry out further validation by opening models to confirm that there isn’t inner media inside a tool which may be current however disconnected from a system board, which might be invisible to regular systematic processing of a tool. We hope this steerage may help you to shut gaps that could be current that might unknowingly open you to information leakage/breach dangers.