Drawn ducks on real water

What You Need To Know About Chain Of Custody For Data Center Moves

In our last post we talked about some of the dynamics that go into orchestrating a harmonious data center migration. When it comes to protecting the backbone of your business operations during a move, there is more than just equipment at stake. There is also the data that resides on your servers and hard drives. That data is exponentially more valuable than the hardware that houses it, especially if it contains sensitive information like patients’ medical information, customers’ financial information or companies’ trade secrets.

Every company, however large or small, has some data that they want to protect from competitors, prying eyes or malicious theft. And in this day and age when data security – or lack of it – makes headlines nearly every day, protecting that data has become a challenge that has business owners on guard.

Not only do outside parties and seasoned criminals pose a threat, but even a disgruntled employee may choose a data center move as an ideal time to vent their frustrations or take retribution into their own hands.

You may also be subject to outside influences like HIPAA compliance that requires specific security measures to be taken with sensitive and confidential data.

Whatever your circumstances, implementing an effective chain of custody strategy during a server relocation is central to protecting your data, maintaining the trustworthiness of your business and ensuring that you fall within any legal guidelines that govern your industry.

What Is Chain Of Custody?

Put simply, it is the careful process of transporting items that contain data from one point to another so that they are visibly accounted for at all times and supported with documentation to track their movement.

An effective chain of custody follows a specific and rigorous process that remains unbroken throughout the move. It can also be verified at any point during transport to ensure its integrity.

An Effective Process

An effective chain of custody begins by documenting exactly what is being moved. The items are then packaged, put into containers and sealed so they are tamper proof.

The containers are loaded onto the truck where the doors are closed with a padlock. A tamper evident security seal with a serial number is placed on the door and a business representative signs off on the process, acknowledging that the equipment that houses data has been handled securely.

It is important to note that the servers or other vital equipment do not leave the sight of the movers except for the period when they are secured in the truck. Nor does the truck itself ever leave the sight of at least one of the movers.

At the destination point, the truck is unsealed in front of a customer representative who acknowledges that the serial number is accurate. At no point from origin to destination should the cargo seal broken. If it needs to be broken because of truck breakdown or an inspection at a DOT roadside checkpoint, the mover needs to know the procedure for how to handle this. Otherwise, it would be difficult to maintain protection from a security breach.

Professional movers will not vary from their chain of custody discipline, ensuring that your most valuable assets follow a rigorous security protocol.

How A Chain Of Custody Discipline Will Affect Your Move

The security protocols required to transport sensitive data take time to implement, which means the move itself requires more time to execute. This is important to take into account as you plan for the interim period between shutting equipment down and rebooting at the other end.

It also requires at least one extra person on the job so that the moving company can have eyes on your shipment at all times. That in turn may incur additional labor costs, but when it comes to safeguarding your data, there is no price tag that you can put on security.

With careful and expert orchestration, the entire process can be smooth and seamless.

Security Failure Points

Unfortunately, the same businesses that want to protect their data may also be cost-conscious and let that affect decisions in ways that have serious consequences. Failing to implement a chain of custody discipline because of price pressure is the first and most easily avoided point of failure. The cost of an extra hour or an extra mover is a small cost to pay for assurances of a secure move.

The second most avoidable – and common – mistake is hiring cheap labor. When price concerns trump security concerns, risk is exponentially magnified. Entrusting your data to someone who is not experienced or well versed in security protocols is an unnecessary and avoidable risk.

Worse, you may not even notice a breach immediately. You may think you’ve successfully avoided disaster only to learn months or years later that data has been stolen without understanding why.

Finally, if you’re moving data that resides on office servers or workstations, be mindful of your office environment during the move. Remember that disgruntled employee? He doesn’t have to work too hard to steal or even destroy data if your server room is busily trafficked and unmonitored.

Be mindful even of staff who may have security clearance to be in a server room, such as IT personnel. In the chaos of a move, it is too easy to steal or damage data and let someone else take the blame.

An experienced moving company may warn against allowing access to your equipment during a move so heed their advice. You may be inclined to trust your staff or feel defensive if they’re threatened, but an ounce of prevention during a move can save you tons of troubles later.

The lesson: take security seriously and work with a moving company that does, too.

A Final Word Of Caution

We’ve been talking about data center migrations but chain of custody applies to recycling your IT assets as well. No security protocol will protect data that’s been left on a hard drive and dumped on a street corner for trash pickup or into a dumpster when you upgrade to the latest technology.

Take security seriously by destroying old hard drives and obtaining the proper certification for their disposal. Even if you think you’ve wiped them clean, you’d be surprised by what an enterprising criminal may be able to recover.

If you’re moving to a new office space or migrating your data center and want to ensure that your data is protected through a rigorous chain of custody discipline, contact us and let us know. We’ll answer your questions, explain our process and show you how trouble-free your move can be.

Categories