As we’ve said before, data is incredibly valuable. Paired with this value, however, is the simple fact that data, over time, can also be extremely dangerous. Keeping data long term improperly on a server can open an organization up to incredible danger, both internal and external, and negate much of the value of that data.
Luckily, these threats are relatively well-known - we know them, because as an industry, we deal with these issues on a daily basis. So, while it’s easy to be doom and gloom on this subject, the bright side is that avoiding all of these pitfalls is entirely possible with proper preparation, knowledge, and foresight.
Today, we’re going to establish exactly that. We’ll discuss some of the issues inherent in long-term data storage, and the threats that arise due to them. We’ll discuss some mitigation strategies, and a general overview of how best to handle long-term storage when no other alternative is possible.
Data Storage Makes for an Attractive Target
First and foremost, data storage itself makes for an attractive target. Hackers and criminals aren’t going to go after small fries when the stakes are so high. This isn’t a petty crime kind of thing, data is a huge market and has a lot of legalities behind it, so if something is going to be stolen, it’s most likely going to be something big.
That’s the crux, really - being something big. As more data is collected and stored, organizations naturally become better targets for criminals. Having a large database means a high direct value when that data is sold, but it also implies that there’s something more to be taken.
Let’s approach this from a different perspective. Say you were a criminal, and you were trying to choose which bank to rob. You have two choices - a simple, small, local bank with modest decorations, or a solid gold clad megabank that hosts some of the largest and richest organizations and customers.
The punishment doesn’t change - no matter what, you’re going to prison. If you’re a criminal in that situation, you’re absolutely not going to waste your time going after the small bank when you know the potential payoff is so much higher for the gaudy bank.
This is a basic consideration of reward/risk ratio - when the risk is so high, naturally, the criminals are going to go after the high value target. By storing data over time, whether necessary or not, you’re absolutely making yourself a huge target.
More Data Means Greater Damage
Another aspect of this is the fact that having more data naturally makes for greater damage when that data is breached. This comes in three basic forms, each with huge potential losses.
First, there’s the risk of public relations. When you store a ton of data, you’re storing people’s livelihoods and intimate content. When this data is breached, beyond anything else, possibly the most damaging aspect is the loss of trust and respect that your organization incurs. This not only has direct influence in the way of people leaving your organization or choosing not to engage in business, this also has a long-term market depressive effect negating many of your efforts.
Then, there’s the concern of economics. When you have a ton of data, you have a ton of money. When data is breached, you’re losing out economically when those customers retreat from your services. This isn’t even to mention the huge punishments from things like HIPAA and the EU Data Protection Directive, which punishes data breaches due to negligence by the incidence. This means that a million incidences could result in your business functionally ceasing to exist in such a case.
Finally, there’s the legal concern. There are many laws to consider when it comes to data storage, and outside of any economic concern, there are serious legal implications for being negligent when it comes to data storage. Improper storage of vital personal data can result in some serious legal repercussions, and as more and more data is stored, these repercussions become so complex that it almost takes a team to navigate through them.
Data Storage Costs Space and Computational Power
Data takes up space. And while that space might seem minute, in the realm of bytes rather than entire hard drives, the space it takes up is dramatically magnified as more and more data is stored.
As a point of comparison, let’s consider a simple storage of an ID number. For the sake of argument, let’s say that each number we store in our database is 1 byte in length. This is a bit of a fallacy, as systems have wildly varying amounts of space required depending on type of integer, organization, file system, etc., but for the sake of this example, let’s assume a single byte.
In our first, lean system, our average consumer record is around 350 bytes in size. This record stores a ton of information, including customer name, address, and so forth. In our second system, this number is only slightly larger, and contains extra records relating to the zipcode of their address and the provider of their payment method. This record is 550 bytes in size.
That doesn’t seem very large, does it? These are quite small numbers, and even the bloated system is only 200 bytes larger. The problem, though, comes in simple magnification. Let’s say we deal with 60,000 server transactions a minute, which is well under the maximum amount provided for by SQL. This works out to 43,200,000 transactions a day. In each transaction, let’s assume there’s no optimization, and we’re pushing the entire record through our system.
In our lean system, the amount of data being pushed through on a daily business works out to be 15.12 Gigabytes of traffic daily. In our bloated system, this number works out to be 23.76 Gigabytes. This is an increase of almost 64% that did not have to be processed.
Not only is that entirely wasteful, it’s also extremely expensive. This means a 64% increase in hard disk access and bandwidth in almost every component involved in the system. This is insane - would you go to the store and willingly spend 63% more than a product costs because you were too lazy to grab exact change? Of course not, so why do it with data?
Put simply, long-term data storage is both a fact of life and a huge possible point of issue in many organizations. Luckily, there’s an excellent solution for deleting this data in a secure way once it has been collected, even for temporary purposes.
ClaraWipe is one such solution. ClaraWipe not only securely deletes your data, it does so in compliance with some of the most well-known and widespread legal guidelines, including HIPAA, the EU Data Protection Direct, the Sarbanes-Oxley Act, and many others. It does this using top of the line methodologies and practices, allowing you to free up space and avoid many of the negatives stated here.
It does need to be said, of course, that this is not an argument for deciding against storing data long-term - in many cases, this is simply a fact of operating a business. That being said, if you must secure data over a long-term storage plan, you must do it in a way that makes sense and protects you from these pitfalls.