How to destroy end-of-life-data securely.
We have previously discussed the topics of data encryption and data security. Encryption is just one area of data security, and data security rolls up into the broader category of data management. What do you think about when you hear the term “data management?” Does the word “security” come to mind? Maybe you think of BIG data. How many of you think of end-of-life data and data erasure? Data management encompasses the entire lifecycle of data - from creation to disposal.
The question of the day is, “How are you disposing of your data, and are you 100% certain it is secure?” Corporate IT managers all over the world ask themselves this regularly.
Types of Data Erasure
There are several methods you can use to dispose of data. Let’s start with the quick and easy one: physical destruction of the media. If you are not planning on reusing or reselling the media, you can physically destroy it. It might be entertaining to drill, melt, or take a hammer to a drive, but there are better, more secure ways of destruction. If your media is a traditional HDD or tape, an effective, secure method of destruction uses a degausser. A degausser generates a magnetic field or wave that effectively destroys the magnetic domains for data storage when applied to the media.
If you have an SSD/Flash drive, shredding it is the way to go. You want to make sure that the shredder's particle size is small enough to destroy the chips inside the SSD. Some services shred and recycle both HDD and SDD drives. Make sure you verify their process before hiring any professional.
A couple of things to consider are:
On-site vs. Shipping
On-site shredding may have a little higher cost, but you will not have to secure and ship your media. Whereas, if you send your media to the recycler’s location, you must make sure the media is secure/encrypted before shipping.
When shredding SSDs, particle size matters. You want to make sure they are shredded finely enough to destroy all the chips inside.
Physical destruction is very effective if you do not intend to reuse or resell the media. But, for a corporate IT manager, the physical destruction of media adds costs. For example, you have the costs of the physical destruction itself, the potential of secure shipping costs, and the cost to replace the destroyed media.
So, if physical destruction is not the way you want to go, what are some options that will allow you to reuse your media?
Formatting a drive using the OS prepares the drive for storing data and can erase all data on the disk. We say “can” because there are a couple of different options when performing a format. If you want to sanitize your hard drive completely, you need to select a full format and make sure the OS is specifically designed to pattern fill the drives. This will effectively overwrite all of the data on the drive making it safe to re-use or re-sell. This method is effective, but it is time-consuming. It’s probably ok for a home user who only has one or two drives to erase, but if a corporate IT manager is trying to erase 10 to 100 drives, it is probably not worth the time.
Have you ever seen the instructions on how to erase words written with a pencil? You erase, scribble (write) over it and erase again. The same principle applies to data, except you don’t have to erase it; the writing of new data to the same block does that for you. You can intentionally or unintentionally write a set of data over your current data, making it unrecoverable. Overwriting works well with a traditional HDD. When it comes to SSD and Flash media, it is less reliable due to SSD media's complexity. The way the erasure software interfaces with the drive can mean that the overwriting process can potentially miss blocks of user data. This method of sanitizing media is usually achieved with erasure software. There are many different types of erasure software on the market; make sure you choose one produced by a reputable data erasure specialist.
Key things to look for when purchasing erasure software:
Does it erase my type of media? As you probably know, an SSD is very different from a standard hard drive, and an SSD and a hard drive are very different from a mobile device. It would help if you used the right tool for the task.
Do they offer a certificate of erasure? Will you be provided with a certificate stating that your data has been sanitized 100%? Is the software company willing to put their product’s effectiveness in writing?
Will it erase the quantity of drives/media needed quickly? If you're an IT manager with more than 100 drives to erase, you need software that is effective but also quick.
Does the company also offer a service with the software? Some companies will erase onsite at your location, which minimizes risk and time in the deletion process. This can be very helpful when you have a large amount of media to erase.
The rise of data encryption on devices also offers us another way to erase data called crypto erase. It does not matter if it is a self-encrypting drive or a drive with software encryption; it works on both. The basic method is quick and straightforward. First, you make sure your data has encryption, and then you overwrite and delete the key. Those blocks of data are now accessible, and they will eventually experience overwriting when reusing the drive.
Once you choose your weapon of data destruction, how do you know that it is completely erased? If you are a corporate IT manager who has to answer to the powers that be, how do you prove that your erasure methods are 100% successful? What would happen if your company’s data that you thought was erased ended up in someone else’s hands? These are the questions that corporate IT managers should be concerned with. You can learn more about Erasure Verification Services on our website.