Leonard Rosen, SEM Founder and Chairman of the Board
As the world becomes more technologically advanced, so has the world of data destruction. Westborough-based Security Engineered Machinery, founded more than 50 years ago, has met that demand with devices that destroy hard drives. Founder Leonard Rosen spoke to WBJ about the company’s role in securing the information of government agencies and government contractors.
How does SEM help keep the country’s data secure?
Every military installation — and company of note — is involved with electronic media. In the past, it was all paper. As time went on and advancements were made in communications and data storage, electronic media became the ultimate in information accumulation.
We have adapted by coming out with machines that can destroy the information on these new devices.
What kind of machines?
Our biggest area of expertise is in hard-drive destruction. That’s done in several ways. One is by deaussing, which is introducing a magnetic charge to a hard drive that basically erases that information.
Are the physical items also destroyed?
We have crushers that exert force into a hard drive and very heavy-duty shredders that accept hard drives and chew them up into tiny pieces.
How much communication is there with customers on new adapting SEM devices to fit their needs?
Depending on what the government agency or defense contractor is doing, we can adapt our machines to meet whatever security requirement they have.
SEM does work with defense contractors?
You’ll be hard pressed to find a major defense contractor in the U.S. that doesn’t use our technology.
Do these products have to meet any government standards?
When we find out what new devices need to be destroyed, we either have something that can destroy it or we start designing one that can do it. Once we have a completed product that we have confidence in, we sent it to National Security Administration for evaluation.
How is it evaluated?
They put it through volume tests, but the end product is more important. The toughest thing we’re doing now is destroying solid state drives. There’s so many layers of information in those, so it’s a two-step situation.
Growing secure data destruction device manufacturer has said the change will take place on November 1
SEM will continue to provide the same product offerings and superior service that SITES clients have come to expect.
Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, announced late Tuesday afternoon that it will no longer market SITES-branded equipment as of November 1. All products previously branded under SITES will continue to be sold globally under the SEM brand.
Andrew Kelleher, SEM President and Chief Executive Officer, says the decision to discontinue the SITES brand came as a result of extensive market research and product review. “The SITES brand was originally started to serve our growing commercial client base, but we found that there was significant overlap with our government and commercial clients,” said Kelleher. “We also found that there was significant product redundancy between the SEM and SITES brands, which the simplification will resolve. We are appreciative of our clients and resellers who have worked with us under the SITES brand and are diligently working through a seamless transition with them.”
In business for over 50 years, SEM sells primarily to United States federal government entities including the military, FBI, CIA, DoD, Department of State, and Department of Treasury. SEM will now also service existing SITES commercial clients including data centers, financial services companies, healthcare organizations, security printers, and cloud solution providers and will directly market to commercial clients under the SEM brand moving forward.
“Eliminating the SITES brand enables us to sharpen our focus on the strong industry reputation and significant global brand awareness of SEM,” added Kelleher.
SEM will continue to support existing SITES products through parts availability and its world-class sales and service teams. The new commercial section of the SEM website can be accessed via the green tab at the top of the page.
SEM recently installed a classified data destruction facility at Patch Barracks in Stuttgart-Vaihingen, Germany under the direction of EUCOM, AFRICOM, and the 405th Army Field Support Brigade. The centralized facility, in support of local operations, is a green operation providing for zero landfill and recycle of all materials. The facility includes an SEM Model DS1436 NSA listed dual stage disintegrator with trio briquettor for bulk paper destruction along with multi-media destruction equipment capable of destroying complete Laptops. Two SEM Model EMP1000-HS NSA listed high security degaussers, two SEM Model 0304 high volume combo HDD/SSD hard drive shredders, two 0202 Optical Medial destroyers, and an existing SEM Model DS1436 disintegrator provide total redundancy of all destruction capabilities. These devices provide a destruction solution for all levels of classified paper, optical media, and hard drives. SEM’s own Todd Busic, Ricardo Leon, and Don Donahue were on site to finalize the installation and provide systems start-up and training to staff. A ribbon cutting ceremony was held Friday October 12th where Garrison Commander Col. Neal A. Corson officially opened the facility for operations. Special thanks to EUCOM, AFRICOM, DPW, and the 405th for working as a trusted partner with SEM to ensure timely and successful completion of this important project.
Ribbon cutting ceremony for the Classified Destruction FacilityThe project was completed with support from EUCOM and AFRICOM.Patch Barracks main gateSuccess! The destruction facility is fully operational. Todd Busic is pictured right.The disintegrators are high capacity, capable of destroying entire boxes of paper material at once.SEM Engineer Ricardo Leon worked on the master control panel during the installation.The team even celebrated with a custom made cake.
Organizations frequently use paper shredders and computer media destroyers that are approved for the highest security materials they ever have, using that equipment for all of their materials in a single stream process. Also common is to get the highest security level device that is available, even it goes well beyond the level of destruction mandated for or customarily used for the materials they actually have. This could be called a “better safe than sorry” philosophy for media destruction.
For some information destruction equipment, like office paper shredders, choosing the most secure equipment for everything can often work out alright. This choice will almost always be more costly than selecting the minimum security level device for each type of material for which it will be used. However, a greater cost is often accepted in return for the confidence of having the greatest possible degree of information destruction. For paper shredders, the highest security level means the smallest particle size, typically produced by NSA listed models.
The situation for solid state media destroyers is very different. As a rule, dramatically greater hassle and cost will come from choosing the most secure possible device. Solid state materials include whole solid state drives, flash memory sticks, thumb drives, circuit boards with flash storage, cell phones, and some smart cards. The highest security level for destroying these types of materials is the NSA standard, currently set at a maximum of 4mm squared, with compliant devices typically producing a particle size of 2mm x 2mm. This particle size is required by the NSA for classified solid state items.
At the time I am writing this, the choices for NSA listed SSD destroyers are minimal. There is only one office friendly device with extremely limited capabilities. There are also a couple of large industrial type devices suited for folks with large spaces and large budgets. With the current set of choices, getting an NSA listed SSD destroyer means enormous costs. Adding to the large initial cost, operational labor (due to very slow throughput), replacement parts, repairs, and preventive maintenance are very high for these machines.
The reality is that many organizations don’t need an NSA level of destruction for all of their solid state materials. Often the classified items are only a very limited part of the mix. In these cases, there are a few ways to save a lot of money and hassle. If none of the solid state items to be destroyed are actually classified, there are machines that are many times faster, much more rugged, and are a small fraction of the cost of the NSA listed machines. These devices produce high to extreme levels of destruction, well beyond any reasonable likelihood of reconstruction of any data. If only a portion of the items in the mix is classified material, a major bump in productivity plus significant savings can come from using one of these lower cost devices for the unclassified items. Even if an NSA listed SSD destroyer is brought in, the load on it can be reduced by using a second machine for the unclassified materials. This type of dual stream process can save many times the cost of the second machine in terms of reduced purchases of repairs, maintenance, and spare parts.
When it comes to solid state media destruction, for folks whose materials are all or mostly unclassified, going with general purpose SSD destroyers offers these benefits over NSA listed SSD destroyers:
Up to 20 times faster throughput
Minimal service needs, even zero service needs through thousands of cycles
Ability for most models to take whole SSDs with no assembly
Models that run off of regular 120V wall current
Dramatically lower cost for the equipment, ongoing service, and parts
Of course, technologies change over time. New products will surely come out. NSA certifications will change. It is a moving parade over longer time scales. But, for now, a great strategy for dealing with solid state media destruction that is partly or totally unclassified is to get a good general purpose SSD destroyer that provides a satisfactory level of destruction.
Bob Glicker, Mid-Atlantic Regional Sales Manager, has over 35 total years of sales experience with over 23 years of targeted government sales experience. Bob prides himself on providing the highest level of service to his government clients, and he enjoys working with key resellers. Bob received his BS in Chemistry from the University of Maryland, College Park. In his free time, Bob enjoys a variety of activities including gym workouts, cycling, reading, and listening to podcasts. He is also an avid science lover, an amateur juggler, a vegetarian, and the quintessential family guy.
If you deal with sensitive drives, the NSA/CSS requirements for destruction of classified and higher drives requires that they first be degaussed by an NSA approved degausser and then physically destroyed. This 2-step process is not complete without the third critical step: documentation/destruction audit trail of everything destroyed. Therefore, you must properly document before you degauss and then destroy.
An important part of any HDD/SSD media destruction program is the accurate creation of a complete end of life audit trail. Until now it has been up to the operator of the degausser/destruction equipment to fill out the appropriate tracking form by hand, recording the serial numbers of the drives destroyed so there is a record of who, what, where and when they were destroyed. This is a very time-consuming and tedious process, and one that is prone to unintentional errors in the serial numbers recorded. The need for accuracy in this documentation is extremely important in the event of an audit or the need to track a specific drive — especially a classified one.
The iWitness is a plug and play documentation tool that is both accurate and time-saving
Whether you have ten drives or 10,000 drives to destroy, an easy way to streamline the process and dramatically increase the speed and accuracy while gathering additional information on the specific drive’s destruction is to automate the process using the SEM iWitness audit-friendly media tracking and end-of-life documenting solution.
The iWitness is a simple plug and play, end-of-life documentation tool for IT destruction. The iWitness consists of a laptop with a 15” screen, a handheld barcode scanner, and pre-loaded iWitness software, and is the only system that is fully SCIF compliant right out of the box. This SCIF compliant system is completely stand-alone and does not need to connect to a network. The software is installed on a guest account, the Wi-Fi and Bluetooth are disabled, it has no cameras, and writes to a CDR — absolutely no USB is required. The iWitness system is the ideal solution for classified environments and SCIFs.
The iWitness comes complete with a laptop, scanner, and pre-loaded software
The process is simple: just scan an HDD or SSD bar code and the software records the media and documents the erasure status and gauss level, after which the information can be exported to a cross-compatible CSV file and saved to a CDR or, if preferred and not in a SCIF, a USB drive. The iWitness not only keeps an audit trail, it also prompts the operator through every step of the process, so no step is missed. The software records manufacturer, model, serial number, destruction method and device used, operator name, time, and date. In addition, the iWitness can be easily customized to record additional drive information as required.
This machine is compatible with the SEM EMP-1000HS and EMP-1000 degaussers, as well as the entire line of SEM HDD/SSD crushers, shredders, and disintegrators. It can also be used with non-SEM destruction devices if preferred. When used with an SEM degausser, the iWitness system provides erasure verification by recording the Pass/Fail status and the magnetic field strength communicated directly from the degausser via a barcode displayed on the degausser’s LCD panel, which can be scanned with the iWitness to confirm sanitization. This is an exclusive compatibility feature of SEM degaussers; however, competitive degaussers can also be used without this feature.
The SEM iWitness offers a full-featured solution to the cumbersome chore of filling out various documentation forms, making your audit trail recording a breeze. The iWitness complies with all major security requirements including NIST SP 800-36/NIST SP 800-88, PCI DSS, HIPAA, FACTA, FISMA, PIPEDA, GLBA, CCPA, and FCC standard. If time savings, increased recording accuracy, operational simplicity, and regulatory compliance are important to your organization, the SEM iWitness would be a great addition to your media destruction program.
Mike Wakefield, Southeast Regional Sales Manager, has over 34 years of sales experience, 25 of which have been with SEM, and he is a Subject Matter Expert in data destruction and government contracting. Throughout his career at SEM, Mike has worked with key clients including the federal government, U.S. military, defense contractor community, and Fortune 500 companies. Mike prides himself on being able to anticipate new markets and emerging technologies while also working with the intelligence community to meet current and future needs, all while protecting the environment.
“I also wanted to send a few words about Chris Hunt, the unassuming guy that showed up for the last maintenance call. I wanted to let you know, he did THE best service call ever done on my machine. His thoroughness and attention to detail blew me away. Every little I dotted and T crossed. Not only does it sound like it is running in top shape, it actually IS running smoother and better than it ever has. Kudos to the man!”
“I wanted to drop a quick note to let you know how helpful and professional Paul was while at our building. He took the time to work through the equipment, perform the PM [preventive maintenance], and offer suggestions on how to avoid any future issues with our equipment. He also made the effort to answer a few questions we had about new equipment we might need later down the road and was very knowledgeable about the various machines and their capabilities. We greatly appreciated his time, effort, and knowledge during this call and wanted to make sure that was passed on.”
Yes, maintenance matters. The main purpose of maintenance is to ensure that all equipment required for production is operating at 100% efficiency always. Simply stated, it’s less to maintain than repair.
When you are fortunate enough to work for a company like SEM that employs a full department of service technicians, you know you are in great hands. I recently walked out of my office, walked to the factory floor, and decided to interview the newest member of our team to the most senior and those not on service calls in between. The result: “It’s like owning a car. “What’s more interesting, when I walked over to the business side and asked what are the three most important things you need when buying a car? Not one person said a maintenance plan.
Why are both conversations just as important? We want the shiny, solution-based machine to do the work it was intended: destroy after we decommission for security and compliance purposes in the data center. Yes, those shiny machines are EPL listed, support the NIST standard, are approved for compliance with SOX and more, but wait — you are putting drives with platters 10 high through them, blades are shredding them, and you must maintain? Is that another set of decision makers and supply chain engagement? You bet that is.
The SEM service team
Back to the car. Models don’t matter, users do. The “business” purchases the machine, the “users,” the security staff, the facility ops, and the decommissioning team (or however you are structured) now must maintain it. They don’t want to own this task in many cases. For the record, there are some data centers that are very appreciative of their people when doing this task — and they are doing it well. It’s the minority.
I don’t change my own oil or rotate my tires; rather, I happily pay someone. As Don Donahue, head of our Technical Service Team, stated, “If you don’t maintain equipment, it will let you down.” The net net: pay for maintenance upfront or pay for service at a higher cost later. In the end you are still going to pay. The question is, can you afford down-time? With what level of risk are you secure?
Safety — let’s go there. If your car is making weird noises and you keep driving it, thinking “I’ll get to it after one more errand,” you’re gambling with your own safety. Likewise, if your data destruction device is making weird noises and you think “just one more drive to destroy,” you’re asking for trouble. It’s like the insurance company commercial: “We’ve been here, we’ve seen this”. Don’t go there. Choose safety first, because it matters.
Whether brakes and tires or bearings and belts, parts wear out. Wouldn’t you rather hear the service maintenance person tell you they replaced the belts because there was wear without you asking or assuming everything was fine?
“But the operational manual says….” Hold that phone. Do you drive your vehicle the exact same way that I drive my Volvo? No. Do you put the exact same drives through your destruction machine that we do? No. Manuals are guidelines, you can argue until the belts break but, in the end, I drive my car in the Northeast through horrors of snow and ice with no garage, while you drive your car in sunny California and have a climate-controlled garage. From humidity to environmental erosion to mis-use to proper use, no miles or hours on a machine will be the same.
Now you understand no two experiences are the same, but the common understanding is the necessity of maintenance of your machines. Each of us will value this investment differently, but which one of us will do it for preventative reasons and which one will do it as an emergency?
For the record, when I buy a car it’s about the maintenance and warranty – I spend too much time at SEM to not be smart – maintenance first and then the machine. By the way, my Volvo not only doesn’t break down – it’s also sapphire blue.
July 18, 2018 was National Hot Dog Day and SEM celebrated in style by having Tony Island Hot Dogs from Oxford, Massachusetts bring their world famous hot dog cart to SEM headquarters. SEM employees enjoyed hot dogs with all the fixings as well as homemade sauces and sodas, and the weather was absolutely picture perfect. One of the most popular dogs was the Bacon Jammer, but employees also raved about the chili cheese dog. Tony Island even brought vegan dogs for the resident vegan! The lunchtime outing was a fun way to enjoy each other’s company while celebrating such an important (?) national holiday. Happy Hot Dog Day!
