How Network Devices Became Secure Erasure Targets
For decades, the trend has been toward putting more intelligence at every point throughout the network, with distributed services for traffic control, security, management and other functions. One result has been that common network devices—led by routers and switches—have become more sophisticated and expensive.
Among other changes to support that increased sophistication, significant local storage has been added to routers and switches. They often store configuration data, machine logs and other information related to network topology, IP addresses, network affiliations and so forth. Much of that data is sensitive, especially from a cybersecurity perspective, and it must be protected at a similar level to data on an enterprise server. Indeed, there are few limits to what an admin might keep in a network device’s local storage; it is possible to use it as a handy place to store anything from project notes to a list of passwords.
So, what should you consider when sanitizing network routers and switches? A factory reset cannot be shown to fully destroy this stored information (there’s no way to check), and the process is quite labor intensive. But the alternative, physical destruction of the device, eliminates the possibility of resale after decommissioning. As the cost of these devices rises, fewer enterprises and IT asset disposal (ITAD) organizations are willing to sacrifice their resale value if that can be avoided. Some organizations also require network devices to be sanitized of data even before being repurposed internally, which is obviously incompatible with physical destruction.
The Unique Challenges of Sanitizing Network Equipment
A common scenario at equipment end-of-life is for racks of servers to be taken out of service as units, with each unit including a top-of-rack switch. Because shredding an entire network switch, for example, is impractical, secure disposal by physical destruction involves significant manual effort: technicians must open each equipment chassis and remove the storage drives or other media.
Uninstalling storage from network equipment also requires specific technical knowledge to identify the relevant storage device(s), which may consist of multiple pieces, such as both a hard drive and a nonvolatile memory chip. In some cases, the storage will be soldered to a system board, which requires removing the board and either shredding the entire thing or else physically cutting the storage off of the board. These considerations make physical destruction of network equipment highly inefficient from a cost perspective. And, in an era where more and more enterprise customers and investors are prioritizing eco-friendly initiatives, organizations are becoming less willing to indiscriminately destroy usable hardware. Sanitizing network routers and switches in a streamlined yet eco-friendly way requires a different approach.
Reducing Manual Labor for Network Device Sanitization
Blancco Network Device Eraser offers a highly efficient and secure software-based alternative to both physical destruction and manual processing: It non-destructively and permanently sanitizes switches, routers and access points according to NIST 800-88 Clear and Purge levels. It easily integrates with your WMS, AMS or other existing systems for added flexibility and automated process flow. And, it centrally gathers digitally signed erasure reports within our Blancco Management Console for an easy-to-access, tamper-proof audit trail.
By harnessing software-based operations when decommissioning these used network devices, you can dramatically reduce the amount of labor needed to ensure data protection and compliance with data protection regulations.