Every year, governments and public-sector organisations spend up to $17 million on the physical destruction of solid-state drives (SSDs). The same organisations spent an additional $40 million to replace the devices, totaling an overall expenditure of $57 million. Speaking of the United States, the expense of destroying and replacing SSDs reaches between $6.9 and $7.3 million, whereas, in the United Kingdom, the prices range between $6.4 and $6.9 million.
Instead of destroying hardware to preserve sensitive data, government agencies might save millions by recycling and reusing solid-state drives (SSDs).
Government and public sector institutions are responsible for maintaining, processing, and preserving some of society’s most sensitive and potentially exploitable information in today’s data-driven world. While administrative systems vary by country, these organisations provide public services, healthcare, education, transportation, utilities, infrastructure, law enforcement, and defence, among other things. And, as in the private sector, data management in the public sector is undergoing multiple dramatic changes.
Alarming Rise in Data Breaches
Perhaps unsurprisingly, we are seeing an alarming rise in data breaches and data breach expenses. In the public sector, for example, the average cost of a breach increased by 78.7% globally between 2020 and 2021, from $1.08 million to $1.93 million. This leaves the government with a massive obligation to its citizens, especially as the significance of privacy and data protection grows among both citizens and legislators.
Indeed, data protection and privacy laws exist in 69% of the countries globally. Laws such as the United Kingdom’s Data Protection Act (DPA) and the European Union’s General Data Protection Regulation (EU GDPR) govern how personal information can be used and how it must be handled, transferred, and secured, including when data or data-bearing assets have reached the stage of disposal.
On data-bearing assets in the public sector, additional legislation and standards control the secure disposal of classified or secret data, as well as non-classified data.
Implications of Data Breaches
The majority of government and public-sector organisations store a large amount of data on solid-state drives (SSDs). These drives are in the cloud, in on-premises data centres, and are utilised in a variety of devices such as PCs, laptops, and so on. According to Blancco’s global research of govt agencies, internal government policies frequently (40% of the time) require hard drives to be physically destroyed at end-of-life (EOL) to render classified or secret information permanently irrecoverable.
However, there are additional secure sanitization solutions that are more cost-effective and ecologically friendly, especially when compared to some physical destruction processes. Non-destructive approaches, such as software-based data erasure or encryption, are often welcomed for non-classified data IT assets. However, Blancco’s global survey findings demonstrate, that even these SSDs are usually destroyed due to perceived easiness, an abundance of caution, and maybe a lack of understanding of policy nuances permitting non-destructive solutions.
Finally, unneeded SSD destruction raises IT operations and material expenses for financially restricted public sector businesses. It also encourages the production of more electronic garbage (e-waste) at a time when the world is calling for more responsible environmental management.
SSD Destruction: Economic and Environmental Costs
Blancco Technology Group surveyed 596 respondents from various government and public sectors. And as per the survey, Governments and public sector entities spend between $12.8 million and $17 million each year destroying SSDs and SSD-based laptops, workstations, and servers. Moreover, spending $40 million more to replace the destroyed drives with the new ones.
Respondents reported destroying an overall average of 1,433 SSDs annually. This estimates a reasonable destruction cost being between US$15-20 per drive, meaning each of the surveyed government and public sector organizations spends between $21,495 and $28,660 annually on drive destruction.
To replace a portion of the SSDs physically destroyed, respondents in Blancco’s survey reported spending an average of $65,235 for new SSDs, bringing the average total cost (for destruction and replacement) per respondent to between $86,730 and $93,895 each year. Multiplying this by 596 respondents; destroying SSDs quickly surpasses tens of millions of dollars each year.
The public sector is reliant on tax money and is frequently accountable to its constituents and other government entities that offer fiscal supervision. Physical destruction of SSDs was judged to be less expensive than data sanitization options that would allow for reuse and prolonged device life by anywhere from 23 to 52 percent of enterprises within a country.
The report’s author says, “Unnecessary SSD destruction increases IT operations and materials costs for fiscally constrained public sector organizations. It also fosters increased electronic waste (e-waste) creation during a global call for more prudent environmental stewardship.”
According to the statistics, device destruction and replacement may cost even small governments millions of dollars per year, while also shortening a device’s usable life and making chances of redeployment, resale, and return eliminated.
Sanitizing SSDs through Physical Destruction
Data security is a critical part when it comes to disposing of the devices. Physical destruction of SSDs is regarded as more secure than alternative data sanitization techniques by 46% of respondents worldwide, with figures as high as 53% in Singapore and 51% in the EMEA (Europe, Middle East, and Africa) area.
Physical destruction of SSDs occurs in many situations (40% of the time), according to the research, because it is required for classified data in accordance with internal organisational policies. According to 41% of respondents, it is required by law to physically destroy SSDs containing classified data, so they delete all SSDs “just in case.”
Other Findings say that 38% of respondents believe device destruction to be cheaper than other methods. Even more concerning is that nearly 22% are ignorant of alternate techniques of sanitization, such as verified data deletion or encryption.
Furthermore, 35% of worldwide respondents feel there is no verified or recognised vendor or solution that offers a long-term solution for safe data erasure.
Singapore (47 percent) and India have the highest rates of this problem (41 percent). Legislators and regulators have a chance to study and exchange information on certified alternative suppliers who supply compliance solutions.
Sustainable SSD Sanitization
When responsibly discarding any data storage asset, there are multiple environmental consequences to consider: the functional components from each device that may be collected for reuse, the minerals and elements that can be retrieved, the remaining garbage that adds to landfills, and the natural resources needed to fulfil the demand for new, replacement IT assets.
With global electronic waste (e-waste) being dubbed as the “world’s fastest-growing domestic waste stream,” 93% of the surveyed respondents said they have policies in place to limit the environmental effect of IT equipment destruction. However, just around a quarter (21%) of those initiatives are being actively implemented.
Overall, the majority of respondents indicated having strategies to mitigate the negative consequences of destroying IT assets, indicating that firms are aware of the link between device disposal procedures and environmental effects.
Globally, half of the respondents (54%) felt that reusing SSDs is better for the environment than physical destruction. These attitudes were more commonly expressed in Australia, Canada, and Japan, where more than 60% of respondents believed that reuse is preferable.
Governments and public sector organisations have always been scrutinised when it comes to expenditure, but with global e-waste expected to almost quadruple by 2030 and ongoing calls for more environmentally conscious government practices, it is becoming increasingly vital that government organisations investigate sustainable solutions that prolong device life, ensure lock-tight data security on end-of-life SSDs, and ultimately save public services millions.