Data Erasure vs. Destruction
Security doesn’t end when your hardware does. As you prepare to decommission equipment, you need to plan for your data security. Do you destroy the latent data or erase it?
You must continue security best practices beyond the lifecycle use of your physical equipment. And the most critical part of that is deciding what to do with your hard drives and storage devices before final decommissioning.
Data erasure (or clearing/wiping) is a software-based process that completely overwrites the hard drive with random zeroes and ones, effectively obscuring any residual data left on the device under several layers of meaningless binary.
For DoD 522.20, the standard number of overwrites is 3, extended is 7 (two runs of DoD with an extra pass on top), and the “paranoia pass” is 21+, but the latter wears out the drive more quickly.
Wiping drives that are simply going to be recycled is obviously a wasted expenditure. As such, companies tend to only pay to erase hard drives that retain a feasible amount of secondary market value that can offset erasure costs. However, drives that are under restrictions like HIPAA, PCI, or FISMA often cannot be wiped per their compliance requirements; these drives must instead be destroyed.
Data destruction is the physical process of making a hard drive unusable for conventional equipment. Arguably, this method can be accomplished with a hammer and some sweat equity, but this is an extremely inefficient method (especially if you have hundreds of units to decommission). Instead, most companies rely on punching and shredding machines to do the job.
Punching requires hand-drills or drill presses to punch holes into the drives to make them unreadable (although, plausibly, if not done correctly, data could still be gleaned from the drive). While this method is more effective with spinning disks, it is not as effective with solid state drives (SSDs).
Shredding machines are similar to paper shredders, but they are built to accommodate more resilient materials. The machine’s powerful, rotating teeth completely destroy the drive, leaving no possibility for drive or data reassembly. This method is ideal for all types of hard drives, but remains especially important for SSDs to ensure the destruction of each onboard memory chip.
Because shredding is more comprehensive, CentricsIT encourages our clients to have their drives shredded rather than have them wiped (though we do offer punching services as well).
Determining Cost-Benefit: Data Destruction vs Data Erasure
The more time it takes to erase your drives, the longer the overall project takes, and the higher the cost.
As such, you need to determine if your soon-to-be-decommissioned hardware has enough secondary market value to offset the expenditures and the time-sink of adequate erasure procedures. Unless you have intimate knowledge of secondary markets and current hardware procurement trends, it can be difficult to make this judgement call in-house.
Your Data Security is Our Priority.
“Worldwide, approximately 1.1 million identities were exposed per breach, mainly owing to the large number of identities breached through hacking attacks. More than 232.4 million identities were exposed overall during 2011. Deliberate breaches mainly targeted customer-related information, primarily because it can be used for fraud.” – Internet Security Threat Report Volume 17, Symantec, April 2012
When you approach CentricsIT with any IT asset disposition project, the first thing we address is your data. Depending on your specific requirements, we can deploy advanced disk sanitization methods to erase your data to HIPAA and Department of Defense NISPOM standards or use disk destruction devices to obliterate your hard disks entirely with data erasure. Regardless of the procedure you prefer, CentricsIT will provide you with a Certificate of Erasure or Destruction, backed up by our data security guarantee.
We utilize: Disk Shredding, Certified Data Sanitization and Reporting, On-site or Off-site Data Erasure, Department of Defense 5220.22M 3x/5x/7x, and Custom Data Erasure.