Since the first days of chat message boards and social media profiles, we’ve all heard the saying, “don’t put all of your information online because it never truly goes away.” The same can be said for end-of-life data and information on rotational hard disk drives (HDDs): once information is on there, it’s sometimes near to impossible to fully remove. Aside from implementing a secure, in-house destruction plan, there are many other methods we do not recommend using. Let’s break some of those down.
Recycling and/or Throwing Away
While we support the green initiative in trying to recycle your end-of-life drives, unfortunately, this cannot be securely done. For starters, the majority of our waste and recycling ends up in landfills and dumpsters which are gold mines for hackers and thieves. On top of that, recycling and waste is not transported securely, making it easy for people to intercept and have access to your most sensitive information.
It is reported that, on average, recyclables and waste sit on sorting floors for up to four weeks before finally being destroyed. Anything can happen within that length of time! After this period, remnants of your information or data are not magically sorted; dozens of employees’ sort what the machines cannot and have direct access to your data. By opting for a seemingly eco-friendlier alternative, you will only put your data at more risk.
Deleting and/or Overwriting
One of the more common (and misleading) data destruction misconceptions is that erasing or overwriting the information of an end-of-life drive and degaussing are synonymous with one another. While methods such as cryptographic erasure and data erasure would allow the drive to be used again, it is not a secure and foolproof destruction. Information, whether encrypted or unencrypted, can still linger behind on the drive and be accessed, even if it has previously been deleted or overwritten.
Burning a hard drive, whether with a blow torch or roasting it on a stick, is highly discouraged. Not only would this require protective gear and holding platters at a safe distance with a heat resistant tool, but burning hard drives will also lead to harmful fumes to be released into the air in the process.
Unfortunately, just because a drive experiences physical damage, it does not mean that the information has taken the same hit. Take for instance the 2003 explosion of the Columbia space shuttle. As the spacecraft made its way into the atmosphere, a piece of the insulation foam had detached, causing it to become enflamed and combust. The horrific disaster resulted in the loss of everyone aboard as the shuttle disintegrated on its way back to Earth.
Just about six months later, a rotational hard drive that was aboard the Columbia was found in a riverbed. It was discovered that the drive had not only survived the initial explosion, but it also survived a 40-mile fall while on fire at terminal velocity and staying in a muddy riverbed for six months. The most interesting part? Even after surviving all of that, it was discovered that 99% of the data that resided on the drive was recovered. It’s safe to say that burning a hard drive is not only harmful to you and the environment but is a tactic that simply won’t work. We suggest sticking to roasting just marshmallows over future fires.
ITADs, or information technology asset disposition companies, are third-party vendors that sanitize and destroy end-of-life data and drives. While the appeal of these types of companies can be quite convincing, we at SEM do not recommend utilizing these types of companies when getting rid of your end-of-life data. While there are some reputable ITAD and data sanitization companies out there, the risk may not be worth the convenience. Security risks can be unpredictable and potentially catastrophic as it can be far too easy for ITAD vendors to misuse, mishandle, and misplace drives when in transportation, destruction, or disposal. It has also been reported that some vendors sell end-of-life devices and their sensitive information to online third parties.
During the summer of 2020, financial institution Morgan Stanley came under fire for an alleged data breach of their clients’ financial information after an ITAD vendor misplaced a number of drives that were storing personally identifiable information (PII). Instead, we suggest purchasing one of our NSA listed devices, keeping the chain of custody within the company, and conducting all destruction in-house.
- Submerging the HDD in acid
- Using a drive as target practice
- Running over HDDs with your car
- Giving HDDs a bubble bath
- Physical destruction with a blunt object
- Attaching industrial-strength magnets
Regardless of the catalyst for end-of-life drive destruction, it is always best practice to conduct destruction and degaussing in-house. While degaussing is not possible for the destruction of end-of-life data on solid state drives (SSDs), SEM recommends always following NSA standards and degaussing all magnetic media, including hard disk drives (HDDs), prior to destruction. Solid state drives (SSDs) and optical media cannot be degaussed, so crushing and/or shredding is recommended.
By first degaussing then physically destroying HDDs, companies are choosing the most secure method of data destruction per NSA guidelines as this is the only way to be certain that the end-of-life data has been properly destroyed. When magnetic media is degaussed, our devices use powerful magnetic fields to sanitize the magnetic tapes and drive, wiping all sensitive information from the device. This act renders the drive completely inoperable, which should always be the end goal. Once the device has been degaussed, it should be physically destroyed. The combination of degaussing and physical destruction for HDDs is without a doubt the most secure method of ensuring your end-of-life data stays at the end of its life.
It is also important to remember that a data breach is a data breach, no matter the level of impact. While not all degaussing machines are adequate to demagnetize all rotational hard disk drives, at SEM we have an array of various high security NSA listed/CUI and unclassified magnetic media degaussers to meet any need and regulation.