Disposing of Old Server Data and Storage
Every low cost dedicated server provider should offer at least some form of basic backup as an option. This server backup could be an external FTP backup system, RAID, or simply a secondary hard drive within the dedicated server for critical and sensitive data. However, at some point in the life of a dedicated server you may have to dispose of the data securely, with confirmation that the disposal has actually been completed. Data may need to be disposed of for a few reasons, such as upgrading hardware, moving to another server or simply canceling a service with a dedicated server provider. Adhering to industry regulations, or abiding by the policies of the company running the server or hardware, can create obstacles to this procedure and raise concerns about security, excessive cost and/or verification of data destruction.
A simple solution to disposing of your data could simply involve erasing the data from the server’s hard drive or backup system. But if you do not have an administrator or, better yet, an expert in data removal at your company, it is not possible to ensure the data has indeed been properly deleted. This applies to data in an office environment as well, not just at a data center. It is a particular concern if your company has stored sensitive data such as personal and financial information, and if you plan to re-use or resell the hardware, where credit card numbers, social security numbers, sensitive company data, or banking information can fall into the wrong hands.
There are data destruction companies that can perform the required service for you and assure that all data is erased, with reports on their exact procedures. Some of these companies are even audited to ensure compliance, but their services usually involve the actual physical destruction of hardware. If you are renting servers from a low cost dedicated server provider, for example, this would not be an option. A good alternative would be to hire a third-party company that can ensure that all data has been erased and report what steps they have taken to ensure this has been completed.
All e-commerce sites are held accountable for personal and financial data that ends up being compromised by inadequate data destruction procedures.
The biggest problem that can result from erasing data remotely is what is known as data remanence. This occurs when attempts at erasing data still leave a “residual representation” of the data on a hard drive. If you are renting from a low cost dedicated server provider and reach the data center only by remote access, and you are not able to obtain the services of a data destruction service, it is essential that the data is erased by an experienced administrator or that the data center confirms the data has indeed been properly erased. One secure procedure to verify total erasure is via overwriting or wiping. This is a low cost and popular option available via software alone.
It is important to note that different media will require different means of data destruction. For example, using the software method of wiping on Solid State Drives has been shown to be not as effective as with other SATA, IDE, SAS etc. hard drives. Also, optical media would have to be physically destroyed unless the media is Re-Writable.
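The overwrite-and-confirm procedure described above can be sketched as follows. This is an added example, not code from the original article: the function names are hypothetical, the sample record is constructed, and it assumes a single zero-fill pass over a file or block-device path that you have permission to write.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per I/O operation

def overwrite_zeros(path):
    """Overwrite every byte of the target in place with zeros; return bytes written."""
    fd = os.open(path, os.O_WRONLY)
    try:
        total = os.lseek(fd, 0, os.SEEK_END)  # works for files and block devices
        os.lseek(fd, 0, os.SEEK_SET)
        zeros, remaining = bytes(CHUNK), total
        while remaining > 0:
            remaining -= os.write(fd, zeros[:min(CHUNK, remaining)])
        os.fsync(fd)  # push the writes out of the OS cache to the device
        return total
    finally:
        os.close(fd)

def first_residual_offset(path):
    """Read the target back; return the offset of the first non-zero byte, or None."""
    offset = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return None
            if block.count(0) != len(block):
                return offset + len(block) - len(block.lstrip(b"\x00"))
            offset += len(block)

def wipe_and_verify(path):
    """Wipe, then verify by read-back, and return a small report for the record.

    The read-back only covers addressable space: remapped sectors and SSD
    spare areas are not visible to it, which is the media caveat noted above.
    """
    written = overwrite_zeros(path)
    residual = first_residual_offset(path)
    return {"target": path, "bytes_overwritten": written,
            "verified_clean": residual is None, "first_residual_offset": residual}

if __name__ == "__main__":
    # Constructed sample: a scratch file standing in for a disk to be retired.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"\x00" * 4096 + b"CONSTRUCTED-SAMPLE-RECORD" + b"\x00" * 512)
    print("before:", first_residual_offset(tmp.name))  # offset of leftover data
    print("after: ", wipe_and_verify(tmp.name))
    os.remove(tmp.name)
```

The returned report is the kind of confirmation to keep with the disposal record; on a rented server the same read-back check can be run remotely before the service is cancelled.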
It is all too easy for data to seem to be erased when it has not truly been 100% destroyed, whether via software or physically. Data erasure procedures must especially be adhered to if your company must comply with strict guidelines from HIPAA, Sarbox, PCI and various other standards. If using an external service, make sure you are also given a price quote before proceeding, to avoid any excessive cost.