Data erasure specialist Blancco has released an Return on Investment (ROI) calculator designed to help companies decide whether to store or erase data. It claims that companies are wasting thousands of dollars per TB per year by storing unnecessary data. The figures are based on data from the Veritas Global Databerg Report and analyst company Gartner.
According to Richard Stiennon, Chief Strategy Officer for Blancco Technology Group and former Gartner analyst: “It’s one thing to hear about the mitigated security risks and compliance other organizations have achieved through data erasure. But it’s much more compelling when companies can see the impact data erasure can have on their data storage costs compounded over time. Suddenly, data erasure becomes a critical data security solution that not only minimizes exposure to data loss/theft and ensures regulatory compliance, but also delivers a better bottom line.”
Why is so much money being wasted?
The problem, according to Blancco, is that 85% of data stored is either redundant, obsolete or trivial (ROT) or dark data. This number appears to come from the Veritas report. It states that in the average organisation just 15% of all corporate data is business-critical. The remainder is ROT (33%) or unclassified or dark data (52%). It sounds simple but like all figures it is a gross over generalisation.
The first problem here, and it is one that Blancco calls out, is data stored for regulatory purposes. Most regulators require data to be held for several years. It is not optional. For many companies the data, by then, is relegated to tape rather than disk.
The second issue is all that unclassified data. The IT industry has been telling organisations for the last few years that they need that data. From a security perspective the amount of information about a data breach that is contained in the data is significant. Meanwhile, companies have been led to believe that all that unclassified data contains the keys to new business.
How much is Blancco saying is wasted?
Gartner has said in 2016 the Annual Storage Cost per raw TB of capacity is $1,593. This covers everything from infrastructure to power, depreciation and even taxes. Blancco says that is has compared cloud storage from Google, Amazon and Microsoft. While it estimates that cloud storage can reduce the cost per TB by 90% to around $150 it also says that the media cost from these vendors is higher.
Using the numbers above and the ROI calculator it is easy to see how much the company believes is being wasted. If a company stores 10GB per year, 8.5GB is unnecessary data. At $150 per TB that comes to $1,275 that is wasted per year. As these are fixed numbers the cost increases by the same amount each year.
After allowing for costs associated with deleting data (software, manpower, time) Blancco says that $1,088 per year could be saved. As this is again based on a fixed 85% of wasted storage, the savings keep on adding up.
How can companies achieve these savings?
To get these savings it means that companies are able to identify all the ROT and dark data in their organisation. It also assumes that that data is useless and can be safely removed without any impact on the company at all. To do this Blancco wants companies to implement a number of steps. Some of these should already be in place but others will be a significant challenge.
The steps are:
- Create a data lifecycle management strategy
- Classify data types and determine the length of time required to store the data
- Know your data storage budget, including soft and hidden costs
- Determine where you can save money by erasing unneeded data, instead of storing it
- Create processes for classifying and erasing unneeded data
- Evaluate data management processes on an ongoing basis based on new technologies and changes within the organization
Perhaps the biggest challenge, and one that has failed again and again for many companies is data classification. The introduction of GDPR next year means that organisations will need to be able to quickly identify any data holding PII. This means that they will have to resolve the problems of both identifying data and knowing where it is all stored. They will also need processes to remove data upon request based on the Right to be Forgotten laws.
What does this mean?
It is unlikely that many companies will get the level of savings that Blancco believes is possible. The costs to implement the six steps above will wipe out any saving for a few years. However, taking some or all of these steps should improve data security. It will also reduce what can be lost during a data breach and help companies become more resilient by only protecting the most essential data.