Data bearing device security


Datacenters contain data, and this data is normally stored on media such as hard disks, flash or USB drives, and other types of storage devices. Microsoft handles such devices from installation to decommissioning with the strictest security.

Data bearing device handling

All devices in Microsoft datacenters are handled according to their asset classification and the classification of the data they contain. Physical media are always stored securely under camera coverage and may not be moved into or out of the production environment unless strict protocols are observed, such as a valid work ticket to replace a hard drive.

Physical ingress and egress points for production locations are monitored using screening points to detect any unauthorized movement of storage media. Both walk-through and handheld scanning devices are employed to detect storage media at these screening points. No storage device is permitted into a production environment unless the device is in sealed original packaging. Storage devices are not permitted to leave the production environment except to go to an authorized onsite storage or destruction facility.

Secure disposal

When assets are decommissioned, Microsoft datacenters handle any data bearing media according to NIST SP 800-88 Guidelines on Media Sanitization. Appropriate means of disposal are determined by asset type. Procedures follow a secure chain of custody, with detailed, permanent electronic records for each step through to secure disposal.