Secure Deletion Of LUNs Of Active High-End Storage Systems Part 2/3

11 September 2015 by Michael Nuncic

Scrapped, defective or outdated hard drives can be a special source of danger for companies, because in many high-end systems stored data are not only distributed over many hard drives but, due to the implemented data recovery functions, often also kept in several versions. Thus, in many cases data containing sensitive business secrets can be reconstructed from scrapped hard drives of an EMC, NetApp or CommVault system. It is therefore important, not only because of current or coming (GDPR) data protection regulations but also to protect the company's intellectual property, to make sure that all data has been securely destroyed before the hard drives or SSDs of the high-end server or storage system are scrapped.

Having dealt in the previous article with the basics and the necessity of LUN erasure, the processes to be performed, and the data erasure process for a LUN that is to be erased for new users, we now turn to another situation that typically requires the secure erasure of LUNs:

The erasure of LUNs because the hardware used (an HDD) is defective or no longer functions optimally and has to be replaced, e.g. when a hard drive has exceeded the established threshold of bad blocks.

What exactly does the data erasure process look like?

LUN data erasure process 2: Erasure in case of HDD replacement due to defects or degradation

Even in a high-end system, the hard drives used won’t last forever. In many cases, the remaining life of a hard drive is automatically detected by the system. When a predetermined threshold of bad blocks has been exceeded, the time has come to replace the hard drive concerned. The same is also true when a hard drive proves to be defective and has to be replaced.

At this point we will not discuss how the data which are still present on the LUNs of the failed drive are to be saved, because this is an issue which we have already discussed in other blog posts. What is important here is to analyse what the process of safe LUN erasure looks like.

In both cases – defective drive or exceeded threshold value – it usually happens that the high-end storage system itself sends a message to the administrator during normal operation.

In accordance with the applicable internal company guidelines, a check is made to verify whether the specific drive is still responsive, and whether a software-based or a degausser-based erasure is the better alternative for both cost and technical reasons. Once the decision for one of the two options is made, the LUN is unmounted from the system, the technicians of the high-end system provider are called, and the hard drive is removed and securely erased using software or a degausser. The technician then installs the new hard drive into the system, mounts it and, if necessary, establishes new LUNs.

But the erasure process is far from over at this point! After the failed or degraded drive is replaced, the question arises whether it is to remain at the company or, as is the normal case, be taken away by the provider. This question is not easy to answer, because it is closely related to the internal and external company policies that apply to the data concerned. It may well be that the company, despite the drive already having been securely erased by means of software or a degausser, prefers to keep the hard drive in a physically secure place at the company. This, however, costs significantly more than having the drive taken away by the provider. In addition to storage costs, the system provider has to be paid to allow you to keep the drive, and usually the fee charged is quite steep.

If the company still wants to keep the drive, other costs will be incurred later, sometimes only after some years have gone by: the cost of disposal and the cost of proving that the drive has been safely disposed of. No matter whether the intention is to sell the drive later to a recycling company after it has been degaussed or to a metal recycler after it has been shredded, these costs are incurred in any case.

If, however, the drive is given to the manufacturer's technician, there remains a (low) residual risk that after some years the hard drive ends up in a Third World country, is dismantled and is possibly put to work again.

The conclusion is that in order to be on the safe side and to ensure that the data cannot be read at some point in the future, it is particularly important that the drive is securely erased at the company before it is taken away by the technician.

In the final part of our series on LUN data erasure processes, we will discuss the case in which data on LUNs must be securely erased because, in the context of a (system) migration project, the old high-end system is to be replaced and a new high-end system is to be implemented in its place...