Solid state drives a data security risk

The growing trend towards the use of solid state drives, such as in tablets and ultrabooks, poses significant problems for enterprise wanting to ensure end-of-life information security, according to National Association of Information Destruction (NAID) chief Bob Johnson.

Speaking at the NAID conference in Sydney this morning, Johnson said SSDs are an unknown quantity when it comes to being sterilised for disposal at the end of their working lives.

“There is currently work being done at the University of California, San Diego, about the best ways to make sure these solid state drives are clean before they’re disposed of,” he said. “Unfortunately the information out there at the moment is very squirrelly.”

NAID, an organisation founded 20 years ago in the US, now has chapters in Asia, Europe and Australia and New Zealand. It represents the interests of around 2000 member companies focusing on information destruction.

The organisation originally focused on the destruction of physical media, such as paper documents. That focus has shifted over the last decade. “Around 40 percent of our members are focused on the secure disposal of information assets,” Johnson said.

The organisation also recently commissioned research into the document disposal habits of Australian organisations. The survey, which employed private investigators to examine – but not remove – dumpsters outside organisations such as banks, surgeries and hospitals, found 11 percent of organisations don’t dispose of sensitive documents correctly.

“Bad guys don’t care if it’s illegal to dig around in the trash,” said Johnson. “Our survey found 40 percent of doctors surgeries, for example, aren’t disposing of their documents correctly.”

This sort of information would prompt a legal response under data breach laws. Australia’s data breach laws are stuck at the committee discussion level, pending the interest of Australia’s new Attorney General, Mark Dreyfus.