Wiping drives that are simply going to be recycled is obviously a wasted expenditure. As such, companies tend to only pay to erase hard drives that retain a feasible amount of secondary market value that can offset erasure costs. However, drives that are under restrictions like HIPAA, PCI, or FISMA often cannot be wiped per their compliance requirements; these drives must instead be destroyed. Proof of data destruction removes liability from your organization and provides a paper trail that ensures all data is accounted for.
Data destruction is the physical process of making a hard drive unusable for conventional equipment. Arguably, this method can be accomplished with a hammer and some sweat equity, but this is an extremely inefficient method (especially if you have hundreds of units to decommission). Instead, most companies rely on punching and shredding machines to do the job.
Punching requires hand-drills or drill presses to punch holes into the drives to make them unreadable (although, plausibly, if not done correctly, data could still be gleaned from the drive). While this method is more effective with spinning disks, it is not as effective with solid state drives (SSDs).
Shredding machines are similar to paper shredders, but they are built to accommodate more resilient materials. The machine’s powerful, rotating teeth completely destroy the drive, leaving no possibility for drive or data reassembly. This method is ideal for all types of hard drives, but remains especially important for SSDs to ensure the destruction of each onboard memory chip.
Because shredding is more comprehensive, CentricsIT encourages our clients to have their drives shredded rather than have them wiped (though we do offer punching services as well).
Determining Cost-Benefit: Data Destruction vs Data Erasure
The more time it takes to erase your drives, the longer the overall project takes, and the higher the cost.
As such, you need to determine if your soon-to-be-decommissioned hardware has enough secondary market value to offset the expenditures and the time-sink of adequate erasure procedures. Unless you have intimate knowledge of secondary markets and current hardware procurement trends, it can be difficult to make this judgement call in-house.
Your Data Security is Our Priority
“Worldwide, approximately 1.1 million identities were exposed per breach, mainly owing to the large number of identities breached through hacking attacks. More than 232.4 million identities were exposed overall during 2011. Deliberate breaches mainly targeted customer-related information, primarily because it can be used for fraud.” – Internet Security Threat Report Volume 17, Symantec, April 2012
When you approach CentricsIT with any IT asset disposition project, the first thing we address is your data. Depending on your specific requirements, we can deploy advanced disk sanitization methods to erase your data to HIPAA and Department of Defense NISPOM standards or use disk destruction devices to obliterate your hard disks entirely with data erasure. Regardless of the procedure you prefer, CentricsIT will provide you with a Certificate of Erasure or Destruction, which provides proof of data destruction, backed up by our data security guarantee.