Proper handling of end of life computer equipment and electronic media is critical to avoiding costly data breaches and debilitating exposures to your business and client data. Your options for hard drive disposal should not be limited by archaic security policies, vendor capabilities, or lack of in-house expertise or access to industry leading tools.
The below is a quick guide to the common tools and methods utilized by sophisticated IT asset disposal providers and IT departments alike.
Binary wiping and secure erasure:
Many times referred to as Department of Defense (DoD) three pass erasure, secure erasure writes multiple passes of binary code over a drive’s data to eliminate the path to the data. The term DoD erasure is an asset disposal industry and IT shorthand and it should be noted that no software or erasure method is specifically endorsed by the DoD. The method is a commonly accepted software tool for destroying data on magnetic and solid state media.
Having a contracted erasure service or in-house capability to securely erase machines is ideal to reuse machines in your environment, sell machines to a computer liquidator at optimum value, and ship or relocate machines that are not encrypted.
Enterprise erasure tools should include reporting and verification utilities that allow organizations to save detailed certificates of destruction to the NIST 800-88 standards as well as identify drives that do not wipe to one hundred percent satisfaction. When drives fail to wipe securely the user can quarantine and use another physical destruction method.
DoD erasure is a method approved in the NIST 800-88 Guidelines for Media Sanitization in certain situations, but is not recommended for media that has higher risks associated to an exposure or contains top secret data.
Hard Drive Shredding and Media Pulverization
Hard drive pulverizing or media shredding are terms commonly used for the industrial shredding of electronic media. Although the equipment can be expensive for many business to own and maintain, many organizations utilize the method with the help of various asset disposal or document shredding service providers. This method is ideal for quickly and cost effectively destroying large quantities of hard drives, optical media, flash drives, and other electronic storage.
Hard drive shredding can be performed off-site at a vendor’s facility or on-site utilizing specialty shredding equipment typically deployed by the tier one IT asset disposal providers like IT Asset Management Group.
Hard Drive Punching
Smaller machinery like hard drive punchers are ideal for eliminating the risk of shipping live and accessible data by first punching the drives before shipping or relocating the drives for the final shredding and recycling process. Punchers are utilized where the large footprint of a shredder would not be possible or cost effective. This method is ideal for small quantities of drives and is typically not cost or time effective for the destruction of large quantities of media.
Much like hard drive shredders there are hundreds of different kinds of hard drive punchers and some are not as effective for solid state drives or other types of media. It is important to research and understand what a specific machine or service provider is able to do on a case by case basis.
Degaussing Hard Drives
Degaussing hard drives is another solution ideal for smaller projects where an industrial hard drive shredder may not be available in the geographical area or economically appropriate for the project. Degaussers use powerful magnets to destroy data on hard drives and other media but does not work for solid state hard drives or flash media.
Degausser machines are no longer the prevalent tool that they once were due to the superior output of shredders and more effective verification methods of enterprise erasure software utilities. Nonetheless, the tool remains active due to security policies that have been written and not updated or where other tools prove to be near impossible to deploy.
For more information on appropriate methods and documentation of data destruction practices please review our short guide to NIST 800-88.