Hard Drive Shredding New York Style

Posted by Frank Milia

Jan 13, 2015 8:55:00 AM

ITAMG regularly provides IT disposal and data destruction services to our clients with offices and data centers in New York City. Recently we have had a lot of new clients ask us how it’s even possible for us to provide onsite hard drive shredding services in the chaotic New York environment. This post provides a quick explanation of how we manage obstacles and securely destroy electronic media in one of America’s most bustling cities.

Hard Drive Shredding NY

Parking in New York City can be a nightmare. The industrial shredding equipment used to shred hard drives weighs thousands of pounds and is mounted on a large box truck (similar to paper shredding trucks you may be more familiar with). Most loading docks in New York City are extremely busy and located indoors, so idling and shredding drives at a dock is not an option due to congestion as well as health and safety concerns.

In order to get the work done curbside our crew will first scan and capture the serial numbers of the drives and then place the media into a locked container while still inside the client’s space. They then transport the locked containers, which are on wheels, down to the mobile shredding truck.

When there are no available parking spaces in the area we may be required to park several blocks from the client’s location. Although the client may be forced to get some unexpected exercise by taking a walk to the truck, he or she is able to follow the media at all times, and no media is left unattended.

To combat parking restrictions we always staff at least three crew members in New York City. All hard drive shredding projects in New York are staffed with a driver and a minimum of two technicians. With this strategy the truck can remain in a standing zone nearby while the other two crew members audit and prepare the drives for destruction.

When the technicians are done processing and auditing the drives the truck is called in to collect the container and the drives are destroyed at the nearest possible location. This staffing practice accounts for a potential emergency or required break and allows for a crew member to always remain available to guard the media prior to its destruction.   

Everything, especially time, in New York is expensive. In order to reduce service costs our shredding trucks are also equipped to collect electronic waste and surplus computer equipment that is being liquidated.  In addition to the shredded media remains there is space to remove upwards of three hundred desktops at a single service.

We are able to reduce shipping and logistics costs for projects that require both on-site media destruction and IT asset disposal services by performing both services at the same time.      

ITAMG has been working in New York City with our own crews since 1999. If you are already a New York hard drive shredding client please reach out to your account manager and let us know how we are doing.      

 

Interested in Data Destruction Best Practices?  Download our quick guide to NIST 800-88 Guidelines for Media Sanitzation below.

5 Data Destruction Tips

more

Topics: data security, data destruction, hard drive shredding, data sanitization, Hard Drive Shredding NY

SSD Secure Erasing Methods and OEM Instructions for Data Destruction

Posted by Frank Milia

Nov 21, 2013 7:45:00 AM

When purchasing and utilizing solid state drives (SSD) end-of-life management should be seriously considered.  Data sanitization prior to disposition or re-deployment for a SSD differs from a traditional hard disk drive (HDD). SSDs store, write, and re-write data differently than spinning hard disk drives, and require a more stringent approach to achieve secure data erasure.

In a PC Magazine article SSD vs. HDD: What's the Difference? more in depth details are SSD_Guygiven for the differences between spinning HDD and the interconnected flash memory chip data storage technology of the SDD.

A software solution that is typically used to over-write data on HDDs, even with multiple passes, may not be a proper data destruction solution for SSD.  Some common software erasure tools may not consistently access all storage areas on the SSD, and as a result blocks of data can be left behind after binary wiping solutions are utilized.

The various manufacturers of SSDs offer their own solutions for SSD erasure. These built in processes are important to understand before purchasing SSD as they will need to be performed on each drive at time of disposition or reuse.  All secure SSD erasure procedures should be followed up with manual confirmation of success and regular random quality assurance from upper management, as well as physical destruction procedure where failure to wipe or security policy otherwise dictates.

Deguassing solid state drives is not a secure option as SSDs do not use magnetic storage.  

 

It is advisable to have a good understanding on the process of each secure erase instructions from the various OEM utilities:    

 

Seagate: http://www.seagate.com/files/www-content/product-content/_cross-product/en-us/docs/how-to-ise-your-drive-tp-644-1-1211-us.pdf

 

Kingston:  http://www.kingston.com/us/community/articledetail?ArticleId=10 

 

Samsung SSD Magician Manual (Secure Erase): http://www.xander.com.hk/product/product_manual/prod_manual_500.pdf

 

Intel: http://www.intel.com/support/ssdc/hpssd/sb/CS-034294.htm

 

Corsair: http://www.corsair.com/applicationnote/secure-erase

 

Crucial: http://forum.crucial.com/t5/Solid-State-Drives-SSD-Knowledge/SSDs-and-Secure-Erase/ta-p/112580

 

Feel free to post other instructions for major SSD manufacturers and ITAMG will continue to update this list.

 

Download ITAMG's Free Guide: 5 Best Practices for Data Destruction

 

5 Data Destruction Tips

 

more

Topics: data destruction, education & tips, hard drive shredding, IT Asset Disposition

One CIO's Trash, Is The Same CIO's Liability

Posted by Steve Bossert

Nov 11, 2013 12:07:00 PM

What happens when end use computing, mobile devices and data center infrastructure reach the end of its useful life in the enterprise environment?  It turns into a major business liability.

13737975_xl_electronic_wasteEach week, vast amounts of hardware is discarded by corporations large and small as they replace or upgrade to newer computing hardware.  Some companies believe that they are doing the right thing during the decommissioning process by focusing on following ecologically sound recycling practices. This often includes "deleting" information or "wiping" VoIP or mobile phones to round out the end of life process.

 

However, once these steps have been undertaken, few firms ever take the trouble to independently audit what is left on those drives or trace where they ultimately go in their long journey after they leave. Unfortunately pressing “delete” is seldom enough.

Robert Plant, who is an associate professor at the University of Miami says:

"Security is only as strong as the weakest link. Law enforcement, the security services and industrial spies who dumpster dive (or, more accurately, bid on containers of e-waste) have the tools and the capabilities to retrieve your deleted data from sources such as cache memory and discarded routers. In addition, they can piece together data from multiple sources."

The professor goes on to cite an example that could happen at any financial services firm that does not properly vette its chosen IT asset disposal, computer recycling or data destruction partner.

Anyone who has "C" as part of the professionally assigned title, should not only pay close attention to what is spent when acquiring new IT equipment or even a new full size printer or copier, but also on future costs involved in decomissioning that asset. Environmental, data security and corporate liability are all to be equally thought about. You can not afford not to.

Perhaps for many firms it is time to start reassessing their corporate-information disposal processes. They need to stop thinking of this as a disposal problem for facilities to handle and realign this under the correct risk-management authority it truly deserves. One good place to start is to look into the costs of on-site data destruction and hard drive shredding.

On a per HDD basis, it may be the best business decision that can be made for less than the cost of a soup and half a sandwhich combo at your favorite NYC deli, pickle and sides not included.

Looking for More Info On Best Practices for EOL Equipment?


Download 5 Data Destruction Tips

 

more

Topics: IT Asset Disposal, IT End of Life Strategy, data destruction, hard drive shredding

The Frightening Impact of Theft, Loss, and Data Breaches

Posted by Frank Milia

Oct 15, 2013 7:29:00 PM

“Don’t panic, it’s only a data breach.”  Are those words that you would ever hear?  Certainly not, because when there is a data breach while panic may not be the optimal reaction it more often than not is the reaction. 

A data breach can cause shock waves through a company and even a community.  Just look to the example of Santa Clara Valley Medical Center who had to notify 571 patients that their information, including birthday, age, sex, and even specific medical results,  was compromised after a laptop had been stolen from their location in San Jose, California.  571 individuals concerned about identity theft and their information in the hands of criminals all because one laptop was stolen.  

According to information obtained by Symantec, theft or loss was the top cause for data breaches second to criminal hacking.  The study, done in 2011, revealed the combined statistics from theft and hacking resulted in over 200 million compromised identities.

Guys_On_HD

 

So if theft is number one and hacking is number two, it is safe to say that companies must defend themselves sufficiently against both aspects.  HR and the department heads of IT must consistently be planning and implementing procedures to mitigate risk from both loss and criminal activity.  From demanding that simple procedures be followed such as shutting down computers so passwords are required on start up, locking down offices after work hours, to training on the importance of keeping mobile assets secure everywhere they go, companies must arm themselves with every means possible to take care of data that is stored on-site at the firm.

As an IT Asset Disposal vendor operating since 1999 we have found that assets at time of disposal are at an increased risk to theft.  When assets are retired and not properly secured, stored, and accounted for negligence can lead to a low tech data breach in the form of missing, lost, and stolen media.

The first step to ensuring loss and theft does not affect your data security is to take accurate inventory of retired assets.  Once this is complete assets should be kept in a locked room or cage until sanitized or serviced by an approved disposal vendor.  For highly confidential media santization or destruction should take place prior to disposal of equipment. Receiving logs and inventory audit reports from disposal vendors should then be used to cross reference serial numbers to your firm's asset management records. Many companies may have excellent data sanitization processes but neglect the serious threat of theft prior to the completion of data destruction due to real estate, space, and other logistics obstacles.        

In the Ponemon Institute’s and Symantec’s Report "2013 Cost of Data Breach Study,"  the numbers regarding the costs associated with a data breach are frightening:

 

US Cost per Record:  $188

Average Records per US Breach:  23,647

Average US Data Breach Total Cost:  $4,445,636

Average Cost Due to Lost Business: $3,030,814

 

In response to these alarming figures companies can also mitigate risk by implementing a policy regarding data destruction using a firm that will monitor, guard, and provide proof of destruction through Department of Defense compliant data eradication methods.

The U.S. Department of Defense (DOD) has established a National Industrial Security Program Operating Manual that various Federal Government Departments must use including the Department of Defense, Department of Energy, and CIA. The program describes the methods and systems by which classified information must be secured. Through this data destruction protocol, information is kept secure from acquisition through destruction.

Disastrous results can be avoided through strict adherence to safety and security policies both on-site and after the sale of IT equipment.  Informing customers and employees of a data breach is the last thing any company wants to have to do.  Customers will be lost and employees’ trust will be diminished. To avoid these issues company heads must plan accordingly, take action, and choose wisely when selecting vendors to help with security needs.

 

 

Looking for More Info On Best Practices for EOL Equipment?

 


Download 5 Data Destruction Tips

 

more

Topics: data destruction, data breach, Computer Liquidation, hard drive shredding, IT Asset Disposition

   

ITAD Guidance

Stay informed on important IT asset management topics.

Our posts focus on IT management, data security, and computer hardware from the unique perspective of IT asset disposal experts.

Subscribe and you will stay on top of:

  • IT procurement trends and analysis
  • Data security methods and best practices
  • Compliance tools and updates

Subscribe to Email Updates

R2-2013_Logo.png

Recent Posts

Visit our Main Site at: www.itamg.com