Data centers managing vast amounts of sensitive information face a critical responsibility: safeguarding data. As technologies advance, so too must the methods and standards for data destruction. Data centers require robust practices to ensure data isn’t just deleted, but irretrievably destroyed, thereby preventing unauthorized access.
As data centers continually upgrade their infrastructure to meet increasing demands for storage and processing power, they generate a significant amount of obsolete hardware. A 2022 study conducted by the National Renewable Energy Laboratory suggested that up to 50 million hard drives will be disposed of by data centers in the US in 2025. It is estimated that the US accounts for around 33% of global data center volume. Based on these approximations, the number of drives no longer needed by data centers could be as high as 150 million as early as next year.
This is where reverse logistics comes into play, providing a systemic approach to handle the return and disposition of this enormous volume of obsolete equipment, which includes responsibility for securely erasing data. Hyperscalers and data center customers need to trust that their data destruction is in accordance with the latest best practice, appropriate for their specific technology.
Opportunities for Reuse
Reusing storage devices presents an opportunity to reduce environmental impact by extending the lifecycle of the equipment. Reusing hard drives can result in substantial savings in embodied emissions.
Reuse, unlike recycling, does not require energy-intensive processes of breaking down materials and remanufacturing products, which means that the carbon footprint of reused drives is significantly lower. The International Institute for Environment and Development estimates that extending the lifespan of IT equipment by just two years can potentially reduce the carbon footprint by up to 50% compared to immediate replacement.
As well as supporting environmental goals, an added benefit is that reusing hard drives and solid-state drives can lead to cost savings for data centers. Yet the Circular Drive Initiative estimates that up to 90% of drives are shredded at the end of first use, so what’s driving this decision?
It’s All About Trust
Data centers often choose to shred their storage devices rather than reuse them due to concerns about data security. Perceived risk with data erasure on hard drives is a significant concern as companies adopt zero-risk data security policies. Concerns include incomplete wiping, where residual data remains accessible, and unauthorized access during the disposal process as well as the threat of physical theft or tampering during transportation.
To meet the needs of their clients and adhere to zero-risk security policies, data centers need a guarantee that data has been completely removed. Only then will drives be released for reuse or resale. Several major hyperscalers have made public declarations about their aims to increase the percentage of reuse of their decommissioned IT equipment from data centers. Microsoft is targeting 90% of cloud computing hardware assets by 2025, and over 100 data center operators and trade associations, including AWS and Google, have signed up to the Climate Neutral Data Centre Pact, which incorporates a pledge to reuse and repair servers.
Building Trust and Enabling Reuse
Creating a robust process that builds confidence in data erasure for data centers involves several key steps and considerations:
- Application of Appropriate Data Erasure Standards
- Chain of Custody Protocols
- Certified Emissions and Environmental Impact Reporting
With these in place, data centers can build a reliable and trustworthy data erasure process that supports the reuse of drives while ensuring data security. Reverse logistics plays a crucial role in this process.
Data Destruction Standards
Ensuring that data destruction meets recognized standards ensures that sensitive information is handled and disposed of securely. Data destruction in enterprise data centers is governed by a range of standards, ensuring that sensitive information does not fall into the wrong hands. These standards outline procedures for secure data deletion, including overwriting, degaussing, and physical destruction of storage media.
- Overwriting involves replacing existing data with random data patterns, rendering the original data irretrievable.
- Degaussing uses powerful magnetic fields to disrupt the magnetic domains on a storage device, effectively erasing data.
- Physical destruction involves shredding or pulverizing storage devices to ensure data cannot be reconstructed.
Challenges with Data Destruction Standards
The widely adopted and internationally recognised NIST SP 800-88 Revision 1, Guidelines for Media Sanitization, was created by the National Institute of Standards and Technology and published in 2014. In the subsequent ten years storage technology has evolved and the gap between NIST and today’s equipment is widening. While these methods are effective for most corporate IT equipment, the question remains whether they are keeping pace with technological advancements.
With the rise of solid-state drives (SSDs), traditional methods like degaussing are becoming obsolete, as these drives do not rely on magnetic storage. Overwriting SSDs is also challenging due to their wear-leveling algorithms, which distribute data evenly across the drive, making it difficult to ensure all data is overwritten.
Furthermore, the increasing use of cloud storage and virtualization adds layers of complexity to data destruction. Data stored in the cloud can reside in multiple physical locations, necessitating new strategies to ensure complete data sanitization.
Emerging Best Practices
Given these challenges, the next best practice in data destruction may involve embracing new technologies and methodologies. Innovations such as crypto-shredding, or cryptographic erasure, where encryption keys are deleted to render data inaccessible, are gaining traction. This method is particularly effective for cloud environments, where physical access to storage media is limited.
Additionally, advancements in nanotechnology and machine learning could lead to new forms of data destruction, such as molecular-level data erasure or predictive algorithms that enhance data sanitization processes.
Keeping Standards Up to Date
The new IEEE 2883-2022 standard represents a significant leap in data protection. It ensures that all storage devices are processed to their native physical capacity, including reallocated sectors and areas typically inaccessible using traditional methods like NIST 800-88. This comprehensive approach addresses gaps in other standards, ensuring complete data erasure and enhancing overall security. This is particularly important as technology evolves at a rapid pace.
Like its predecessor, the new standard specifies both logical and physical methodology for sanitizing data but does not give shredding or pulverizing options. Developed for the technology of today, and created with all global organizations in mind, the IEEE standard specifies technology-specific requirements for the elimination of data – different methods for different assets – such as overwrite patterns, number of passes and use of cryptographic erasure.
The most significant advantage comes for storage devices used in data center environments. Non-Volatile Memory Express, or NVMe, has evolved from a simple SSD device to a more complex system that can be spanned across multiple systems. In NVMe technologies, where enterprise NVMe devices can be configured with multiple namespaces and a range of non-volatile buffer memory, IEEE 2883-2022 provides a robust process, addressing a gap in previous standards.
The IEEE standard includes a dedicated sustainability section documenting a use case for purge operations, with the media sanitization methods defined in the standard ensuring that companies have the option to safely repurpose data-bearing devices rather than recycling them.
To remain relevant, data destruction standards must evolve in tandem with technology. This involves continuous review and updates from governing bodies, incorporating the latest research and technological advancements. Collaboration between industry leaders, cybersecurity experts, and regulatory agencies is crucial to develop flexible, future-proof standards.
Maintaining a Secure Chain of Custody
Adoption of the latest standard doesn’t happen overnight. Implementation involves a strategic approach to integrate new protocols, train personnel, and update systems. Adherence requires rigorous application of the standard’s protocols, continuous monitoring, and regular audits to ensure compliance. Organizations must be proactive in adapting to new standards, which often involves investment in new technologies and processes.
The process for managing decommissioned drives must include strict protocols for asset tracking and chain of custody to further enhance security and mitigate risk. Asset tracking is a critical component of data protection, ensuring that all IT assets are accounted for throughout their lifecycle and providing a clear record of each asset’s journey from acquisition to disposal. This should include clear steps on how data is securely removed, with specific processes and techniques based on individual technology type.
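One way to make such an asset record tamper-evident and to gate release on it, shown as an added example (not SK tes's process and not taken from any standard). The event names, drive serials, operator id and the per-media reuse policy are all hypothetical.

```python
import hashlib
import json

# Constructed reuse policy (an assumption of this example, not from any standard).
REUSE_POLICY = {"hdd": {"overwrite", "crypto_erase"}, "ssd": {"crypto_erase"},
                "nvme": {"crypto_erase"}}

def _digest(entry, prev_hash):
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

class CustodyLedger:
    def __init__(self):
        self.entries = []  # (event dict, hash chained to the previous entry)

    def record(self, serial, event, **details):
        prev = self.entries[-1][1] if self.entries else "0" * 64
        entry = {"serial": serial, "event": event, **details}
        self.entries.append((entry, _digest(entry, prev)))

    def intact(self):
        prev = "0" * 64
        for entry, stored in self.entries:
            if _digest(entry, prev) != stored:
                return False  # an entry was altered or reordered
            prev = stored
        return True

    def release_decision(self, serial, media):
        if not self.intact():
            return "hold: ledger tampered"
        events = [e for e, _ in self.entries if e["serial"] == serial]
        erase_idx = [i for i, e in enumerate(events) if e["event"] == "erased"]
        if not erase_idx:
            return "hold: no erasure record"
        method = events[erase_idx[-1]]["method"]
        if method not in REUSE_POLICY[media]:
            return f"hold: {method} not accepted for {media}"
        if not any(e["event"] == "verified" for e in events[erase_idx[-1] + 1:]):
            return "hold: erasure not verified"
        return "release"

def sample_ledger():  # constructed events for three hypothetical drives
    led = CustodyLedger()
    led.record("HDD-001", "erased", method="overwrite")
    led.record("HDD-001", "verified", operator="op-17")
    led.record("SSD-002", "erased", method="degauss")  # wrong method for flash
    led.record("SSD-002", "verified", operator="op-17")
    led.record("NVME-003", "erased", method="crypto_erase")  # never verified
    return led
```

A hash chain only detects edits to entries already recorded; in practice the latest hash would also be anchored somewhere the ledger's operator cannot rewrite.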
Accurate Emissions Data and Verified Reporting
When a data center opts to implement changes focused on reusing drives instead of recycling them, it is important to be able to measure the environmental impact of these changes. This should include data on the net benefit of repurposing in terms of overall GHG emissions, as well as broader sustainability metrics such as energy use, toxicity avoidance and resource conservation. By collecting and analysing this data, data centers can include these efforts in carbon accounting and enhance their sustainability reporting.
A Game-Changer in Data Destruction and Sustainability
In the pursuit of sustainability, data centers are adopting practices that minimize environmental impact. Reuse of storage devices, rather than defaulting to shredding, offers a huge opportunity to contribute to the circular economy, reduce e-waste and conserve resources.
As data continues to be a valuable asset, ensuring its secure destruction is essential. By adopting cutting-edge practices and revising current standards to address technological shifts, the IT industry can maintain robust defences against data breaches and unauthorized access.
By erasing data according to IEEE 2883-2022 standards and following a secure chain of custody, data centers have a secure and sustainable method that allows storage media assets to be repurposed and reused, thereby extending their lifecycle and reducing the environmental impact associated with the traditional practice of shredding hard drives.
Eric Ingebretsen currently serves as Chief Commercial Officer for SK tes, where he has board level responsibility for SK tes’ global sales and marketing efforts. This includes telling the SK tes story to raise brand awareness, aligning teams to hit the company’s growth targets and owning the overall health of SK tes’ current revenue streams. He has a deep passion for harnessing the power of storytelling, delivering results and developing his team. Eric joined SK tes in 2015; prior to SK tes, he held various management positions in marketing and business development at SkyTel, Eaton Aerospace, Intechra, Arrow Electronics and C Spire.