How to Securely Dispose of Company Data and Hardware
As you upgrade aging hardware and infrastructure, you must keep data security in mind. The end of the lifecycle is still a crucial aspect of responsible storage management. It is essential that confidential data is not exposed; this can be achieved through safe and secure decommissioning of your storage hardware.
How to Know When Your Hardware and Data Are Ready for Decommission
There are several reasons you or your company may need hardware or data decommissioned. Maybe your current records are scattered across multiple systems and you need to cut down on maintenance costs by condensing system hardware throughout the company. Or maybe there has been a merger, which developed a surplus in extra hardware that most likely has redundant applications and data. Whatever the reason may be, below are some ways to decommission your data and hardware.
Want to Save Hardware for Later Use?
By using clear technology (software-based) or purge-level sanitization, you can decommission your data while leaving your hardware intact.
Clear technology applies numerous overwrite patterns and cycles to achieve obfuscation of original information. Basically, you can use this software to confuse your computer on where and how your data is stored. However, this technology lacks the ability to effectively access and eradicate recoverable information from blocked bad-sectors and tracks, meaning that this software does not actually decommission your data. Thus, your data can still be recovered with common data reconstruction software or other laboratory-level data reconstruction technologies.
Purge-level sanitization eliminates data from all storage regions on the media surface beyond laboratory reconstruction efforts. An example is Secure Erase. This is actually an embedded function in your hard drive that can render the processed device devoid of any data in all storage regions of the media surface, while preserving the hard drive and allowing it to be reusable. You might think that this would be an extremely slow process, but it is actually pretty fast: it can purge 100GB of storage in 17 minutes, making it one of the fastest decommissioning processes out there.
Physical Destruction: The Only Sure Method
Because digital wipe methods can be reconstructed or incomplete, sometimes physical destruction is the only way to be certain that your data cannot be recovered from discarded hardware.
One example is degaussing, also a purge-level sanitization, which exposes your hard drive to a magnetic field of ample power to purge all traces of your data on the enclosed magnetic media surface. This may destroy the data, but it will also destroy your hard drive. In addition, it is a costly technology that requires operator training and frequent audits of the processed devices.
With paper you can just shred sensitive information, and the same principle actually applies to hardware. There are industrial shredding and disposal sites that will physically destroy your hardware for you. This is called destroy-level sanitization. It ensures absolute destruction of all data when performed in accordance with acceptable practice and cannot be reconstructed by any effort, although it also ensures absolute destruction of your hardware.
There are many potential failures and vulnerabilities with this type of decommissioning. Since this service is often conducted offsite, you will have to contract with external service providers, which will expose your hardware and possibly your data. This also goes against any data security and confidentiality regulations, because there are no automated audit controls put in place. Another issue to be concerned about with this type of decommissioning is the impact it has on the environment. There are environmental regulations for disposal of such hardware, and you could possibly pay a hefty fine for not following them. However, responsible waste management in an environmentally protect landfill can cost a pretty penny as well.
Compliance or Regulatory Considerations
The National Institute for Standards and Technology (NIST) formulated guidelines for proper media sanitization and information disposition. They determined that software-based (clear level) technology is not an effective means for decommissioning hard disk devices of data. Special Publication 800-88 cites that proper decommissioning is achieved through purging level technologies, and the NIST and National Security Agency (NSA) highly recommend Secure Erase; the NSA was actually apart of the development process for Secure Erase.
Why Destroy It When You Can Store It?
Sometimes companies need to decommission data because they have run out of internal storage space and now require some in-house cleaning. Hard drives have a very limited amount of storage space, and it can fill up quickly, leaving you with some tough decisions to make. Cloud storage options can offer easy storage of your data in a secure location without having to worry about the space available. The cloud will eliminate any need to go out and purchase new hardware for storage purposes.