Hey, You, Get off of My Cloud!

Hey, You, Get off of My Cloud!

It seems everyone has their head in the clouds these days, as more organizations move away from installing software and storing data on their hard drives on so-called computer clouds – computer storage and operation platforms they access online.


The 2006 revision to the Federal Rules of Civil Procedures (FRCP) requiring companies to store all electronic information (including e-mails, voice mails, and instant messaging threads) and to produce them in the event of discovery, has driven human resource professionals, risk managers, and information technology staffers to new levels of fear and trepidation. Many companies simply can’t afford the cost of the infrastructure required to archive this quantity of data in a way that it can be efficiently mined to comply with subpoenas. Contracting with a cloud-based storage service that specializes in archiving and retrieving electronic data can solve this problem. It can also boost a company’s record retention credibility should it come under scrutiny by regulators. While such services may be costly, the organization’s using them save on the sheer amount of hardware they would have to purchase and maintain in order to store all the data required to reply with the 2006 FRCP Revision.

Computer clouds aren’t just about virtually expanding your closet space. Many companies now employ online cloud-based programs and software instead of installing programs on their mainframes or computers. A major advantage of these Platform as a Service (PaaS) or Software as a Service (SaaS) clouds is that the software they provide is regularly updated. This can save organizations massive amounts of time traditionally devoted to RFPs, reviewing bids, and meeting with vendors, not to mention installing and implementing news software, whenever their existing software becomes obsolete – say between lunch and dinner.

Another benefit of computer clouds is that should a fire, a natural disaster, or not so natural disaster should shut down your business site indefinitely, you can still access the data and programs used in your organization’s day to day operations. The moment you set up shop elsewhere, be it temporary or otherwise, you can pick up where you left off as far as your data and computing needs are concerned.

Likewise, computer clouds benefit employees who regularly travel on business, as they provide these employees with a means for accessing the organization’s database and programs from anywhere on the globe. This benefit also serves as a solution to the risk of laptops and other personal electronic devices being subjected to electronic searches at border crossings. Employees do not have to store sensitive or proprietary information on the hardware they carry, since they will be able to access it online.


The obvious drawback to cloud computing is the potential risks entailed in storing sensitive or proprietary information online. As techniques for securing and encrypting information become ever more sophisticated, more organizations are willing to take this risk.


If I Had a Hammer – Deleting Your Hard Drive

hammerIf you believe deleting all your programs and files or running your original system restore software will erase everything from your hard drive, you may be an identity thief’s best friend. Your computer may be safely locked in your office or home but sooner or later you’ll replace it and will either donate your current computer or dispose of it (hopefully at a reputable recycling facility). Your hard drive may then become easy prey for identity thieves, the fastest growing body of criminals in the United States.

In his recent presentation on the “Role of Computer Forensics in HR” for Montgomery County SHRM, Paul Brown (CEO of CyberEvidence), focused on how and why employers should remove and store the hard drives of departing employees’ computers, so that these hard drives could be accessed later in the event that the ex-employee was suspected of having stolen and/or shared any of the organization’s proprietary information. However, during the question and answer period, I asked Brown about the best method for completely deleting the contents of a hard drive when an organization or an individual is donating or disposing of (through a proper recycling center), an old computer. I has assumed that running the original system restore software would completely erase the hard drive. Mr. Brown informed me that it would not. Apparently computer forensic experts and their criminal counterparts can unearth hidden backup or shadow files even after you restored your hard drive to its original, fresh out of the box configuration.

He then went on to advise me that the one sure way to delete the contents of a hard drive was to remove the hard drive from the computer and smash it into pieces with a hammer. Right. Like I know exactly where the hard drive is located, what it looks like, and how to remove it.

The next best alternative, he said, was to download a hard drive wiping software off the web and use it to wipe your hard drive clean (the process may take several hours) before donating the computer or disposing of it at a recycling center. There are a number of freeware and shareware programs available at http://www.tucows.com complete with user reviews, if you’re interested.

If your company maintains sensitive data on its computer (such as employees’ birth dates and social security numbers), you should have a policy mandating the removal and high security storage of hard drives or the physical destruction or the wiping of the hard drives in any computers that are to be disposed of. Likewise, if you or other HR staff have such information stored on your personal laptops or PDA’s you should destroy or wipe the hard drives before disposing of them.

For detailed instructions on destroying your hard drive, check out Hard Drive Destruction Crucial at the BBC Online.