Battling an Invisible Data Center Security Challenge

Uttarakhand,,India,,January,29,2021,:,Workers,Dismantling,Old,Pcs

When data center owners and operators talk about security, they often talk about the special doors that they install that are bulletproof and resistant to forced entry. They’ll talk about guard gates at the entrance to their data center campuses with impenetrable bollards and gate arms. They’ll even reference advanced biometrics systems designed to ensure that only individuals who need access to certain parts of a data center can gain that access.

These security features are designed to ensure the safety of the valuable and sensitive data stored on the servers in the data center. They’re implemented to prevent a malicious actor from walking in the front door and walking out with valuable hardware under their arm. They’re present so that the personally identifiable information (PII), company intellectual property, or sensitive employee data stays where it belongs.

Data centers spend significant money on physical security, and for very good reasons. IBM estimates that the global average data breach cost has increased by approximately 15 percent over the past three years. In 2023, that average cost was roughly $4.45 million.

It would be most unfortunate if sensitive customer or employee data were compromised because a data center owner or operator failed to wipe all of their data and tasked a construction company with its removal. Especially because they would be liable for the resulting breach.

But even with all that time, money, and effort, some data center owners and operators are still putting their data at risk. That’s because they fail to address the security concerns associated with decommissioned and unneeded hardware.

This is a particularly large problem today as data center owners and operators ramp up their adoption of artificial intelligence (AI) and machine learning (ML) technologies.

Ripping and replacing for AI
The emergence of generative AI tools like ChatGPT and DALL-E from OpenAI didn’t start the AI craze. They merely accelerated it. Even before these exciting new generative AI solutions entered the marketplace, companies were exploring ways to leverage AI tools and technologies to improve and streamline their operations.

However, when ChatGPT hit the scene in November of 2022, AI suddenly became an available tool for practically everyone on the planet. The application became one of the fastest-growing and most used in history, democratizing AI and sending shockwaves through virtually every industry – from healthcare to education.

These AI solutions have very specific requirements. They need tremendous amounts of compute power to operate and suffer from even small amounts of latency. This has resulted in many data center owners and operators embracing incredibly dense racks that utilize a tremendous amount of energy. We’ve also seen data center operators rushing to purchase and implement the latest and greatest GPUs and other new technologies to power their AI solutions.

These data center owners and operators are ripping and replacing old technologies at incredible rates to make space for these new technologies. In some other cases, they’re even buying up older data centers and completely retrofitting them simply to meet the data center requirements for their AI solutions.

This is the new, invisible security challenge facing modern data centers. Unfortunately, it’s only getting worse as data center owners and operators move quickly to replace old equipment with new solutions to rapidly enter the age of AI.

But what happens to the old equipment they remove from these data centers? The old hard drives and servers that stored the data that data center owners and operators worked so hard and invested so much to protect? Often, it becomes an afterthought.

Staying secure after decommissioning
I’ve heard stories about decommissioned servers and storage devices that owners claimed were devoid of sensitive data, yet still stored gigabytes of customer data. This equipment is often just decommissioned and disposed of without extra time or attention being given to ensure all data has been removed.

In the past, it was relatively easy to ensure that all hard drives and servers were wiped of their data. Hard drives and other storage devices were massive and relatively easy to keep track of. However, the emergence of solid-state storage has resulted in hard drives and other storage devices getting smaller and smaller. Today, losing track of a storage device can be incredibly easy.  

It would be most unfortunate if sensitive customer or employee data were compromised because a data center owner or operator failed to wipe all of their data and tasked a construction company with its removal. Especially because they would be liable for the resulting breach.

This is the new, invisible security challenge facing modern data centers. Unfortunately, it’s only getting worse as data center owners and operators move quickly to replace old equipment with new solutions to rapidly enter the age of AI. Thankfully, there is a solution.

Get help with IT assets
If data center owners and operators are really taking security seriously, they need to extend their security efforts beyond the useful life of data center equipment and hardware. Just because a company thinks that servers and hard drives are free of sensitive data doesn’t mean it’s not there. That data is out in the wild once the hardware leaves the secure confines of the data center.

Instead of relying on already stretched-thin IT departments and data center personnel to ensure that all data is erased before equipment is disposed of, these companies can work with an IT asset disposition company whose whole mission is to safely and securely decommission data center equipment.

…data center owners and operators are ripping and replacing old technologies at incredible rates to make space for these new technologies…they’re even buying up older data centers and completely retrofitting them simply to meet the data center requirements for their AI solutions.

These companies are not limited to strictly degaussing or deleting data from servers and storage devices. In addition to degaussing, IT asset disposition partners have the technology and processes necessary to effectively destroy any data center equipment that could contain sensitive data. And, since some of today’s advanced solid-state drive (SSD) technologies can literally fall through the cracks, some IT asset disposition partners can even disintegrate these storage solutions to ensure that nothing sensitive is ever compromised.

The AI era has drastically accelerated the amount of data center hardware being purchased and installed – which has generated a large amount of older data center equipment that is being decommissioned. If data center owners and operators don’t take care of their decommissioned hardware, they could be leaving valuable, sensitive data vulnerable and leaving themselves liable for a costly data breach.

Scroll to Top