Every hard disk drive reaches a point where it must be safely and securely put out of commission. But how can you be sure someone doesn’t find it, plug it in and read all your data?
There is a lot of uncertainty about how end-of-life media is actually sanitized, so here’s a quick guide to get you up to speed:
Common methods of erasure
You’d be surprised how many people drag and drop a file into the recycling bin and think it’s wiped from existence. In this scenario, the data is still on the hard disk drive. Failing to delete files properly becomes a real issue when the average person sells their old computer system. Financial records, photographs and personal data are, more often than not, left on the drive for the new owner to access.
When companies take this path, chaos can break loose. Hospitals can lose patient records and financial firms can squander valuable client information. Furthermore, the price of being this lackadaisical about data security is staggering. According to the latest research on data breaches by IBM and the Ponemon Institute, a breached record costs a company $158 on average. In the healthcare industry, this price skyrockets to $355 per record, due to the multiple compliance laws in effect, as well as the chance of being sued when very personal information is essentially handed over to a hacker.
There are a number of common forms of data erasure on the market, each with its own niche. Software wipes are lauded for their ability to permanently delete data in a timely manner. In reality, all these programs really do is scramble code, meaning information is still left on the disk drive.
On the other hand, eSecurity Planet reported that physically destroying a disk drive renders it unreadable. This is true, but only if proper precautions are taken beforehand. Small pieces of the drive can hold terabytes of information, and a digital forensic expert could easily extract data from them.
The only surefire way to effectively and securely sanitize your end-of-life media is by degaussing it first, then physically destroying it.
What is degaussing?
Hard disk drives have a magnetized casing that stores data inside of it. Doing a simple software wipe of this is akin to shredding a piece of paper; the bits of information can still be pieced together.
“Degaussing is the only way to securely sanitize end-of-life media.”
Degaussers use positive or negative polarity to demagnetize the data inside. This renders the drive completely unreadable, rather than just moving around the information inside of it. When it comes to compliance laws, this form of data erasure is the only method approved by both the National Security Agency and Department of Defense.
When combined with physical destruction, corporate entities gain an effective one-two punch for sanitizing their end-of-life media. Once the degausser is used to demagnetize the hard disk drive, a compactor can then be used to destroy it. This ensures that, even if a hacker finds the hardware, the information inside is irretrievable.
Laws like the Health Insurance Portability and Accountability Act or the Data Protection Act are in effect for a reason. A data breach is costly not only for the company but also for the consumer whose information was leaked. Financial stability can be ruined and identities can be stolen. In this digital era, it is imperative that organizations collecting massive amounts of data on people be accountable for the secure erasure of those files when they’re no longer needed.
Don’t take a chance by hoping a file is erased. Degaussing eliminates any uncertainty – as well as the media inside of hard disk drives.