Tag: degauss and destroy

HAMR vs. MAMR: What’s the Difference?

May 14, 2021 at 5:59 pm by Amanda Canale

Before we get into the nitty gritty differences between HAMR and MAMR and what they are, we want to give a quick refresher on hard disk drives (HDDs) and solid state drives (SSDs).

HDDs

Hard disk drives (HDDs) are a type of data storage device that use rotating disks, platters, and magnetic material to store and retrieve data. HDDs also contain actuator arms that read and write data while the rotational platters spin. While HDDs are cheaper and can store more data than their counterpart the SSD, they are slower and susceptible to data loss when interacting with magnets due to their internal magnetic material.

When it comes to destroying end-of-life HDDs, SEM always suggests best practices per the National Security Agency (NSA). Depending on the information stored on HDDs, they should always be destroyed either by shredding or crushing; however, if a drive contains classified information, degaussing prior to destroying the drive is required. Degaussing is the process by which a drive’s magnetic field is essentially scrambled, making the data and drive completely inoperable. Once degaussed, the drive should then be crushed or shredded by an NSA approved crusher or shredder. Combined, this is by far the most secure method of data sanitization for HDDs.

HDD-degauss

SSDs

Solid state drives (SSDs) are another type of data storage device that store data using integrated circuits. Unlike HDDs, SSDs do not include an actuator head and instead store information into cells that can be retrieved instantaneously. SSDs are also quite faster than HDDs, causing computers to run much more quickly. The downside? SSDs store less data per drive and can be significantly more expensive.

Since SSDs do not contain magnets, they cannot be degaussed. Therefore, they must be destroyed by a machine that is SSD-specific given the necessary final particle size. The final particle size is crucial to ensuring that none of your SSDs’ information is left behind. Since SSDs do not contain rotational platters, any small chip that is not destroyed can potentially contain proprietary information and get into the wrong hands. The NSA requires that end-of-life SSDs containing classified information be destroyed to a final particle size of 2mm or less. Drives containing other kinds of information can be destroyed in an SSD disintegrator, shredder, or crusher.

Now let’s get to it! Technical lingo aside, the two main techniques used to increase a hard disk drive’s capacity are adding more platters to the drive in order to increase its density, or adding more bits (or pieces of data) on a disk. Heat-assisted magnetic recording (HAMR) and microwave-assisted magnetic recording (MAMR) are just two steps in the evolutionary trajectory of data storage management.

HAMR

Since the media must be heated as data is being written, heat-assisted magnetic recording (HAMR) uses laser-powered heat to the drive’s grains, reducing the drive’s magnetic hardness. This process allows the drive to flip its magnetic polarity, and therefore bit value, through the temperature changes. This method uses recording material that is less prone to thermal instability, leading to smaller recording bits in HDDs, and greater stability and reliability of media.

MAMR

Microwave-assisted magnetic recording (MAMR) uses a different technique to essentially accomplish the same goal. Instead of laser-powered heat, MAMR uses 20-40 GHz frequencies to bombard the HDDs disk platter with circular microwave fields. During this method, the drive’s actuator head uses a spin-torque oscillator that creates an electromagnetic field near the write pole at a lower magnetic field that enables denser and more reliable drives. Unlike HAMR, MAMR can flip the domain’s magnetic polarity much more easily.

While both methods serve essentially the same purpose of lowering magnetic hardness to increase storage capacity, some experts cannot seem to agree which is more sustainable. While MAMR technology is expected to increase an HDD’s capacity from 4 TBpsi to approximately 40 TB, HAMR can only increase its capacity from 2 TBpsi to between 20 and 40 TB. HAMR supporters claim that the laser technology allows drives to spin for much longer and with fewer issues, whereas MAMR supporters claim that high heat actually causes a drive to burnout faster.

It is important to note that HAMR drives cannot be degaussed at this point. Conversely, MAMR drives CAN be degaussed; that said, a question remains on the required gauss level to fully sanitize MAMR drives. Existing degausser technology is such that residual data remains on degaussed MAMR drives even when using a 20,000 gauss NSA listed degausser. It is therefore accepted within the industry that existing NSA listed degaussers will be insufficient to sanitize HAMR and MAMR drives and that these drives will need to be either disintegrated to 2mm or incinerated at end-of-life.

Level 6 Data Centers: Best Practices in Security

September 22, 2020 at 9:00 am by Amanda Canale

Over time, data center infrastructures have evolved from mainframes to cloud applications and can now take on various forms. The type of data center depends on the facility’s primary functions, how it is supported, and size. Based on these criteria, there are four main types of data centers: enterprise data centers, managed services data centers, colocation data centers, and cloud data centers. In addition to storing, managing, and circulating data, data centers also manage physical security systems, network and IT systems, power resources, environmental control, and performance and operational management.

Depending on the size and function of the data centers, some companies are known to have multiple centers in various locations that can store different data or serve as a centralized backup site. This helps to prevent the data from being destroyed due to natural or man-made disasters or in the instance of an outage. There are several levels to data center security, the highest level being Level 6. SEM devices are often part of a robust Level 6 data security program, as seen in this Google data center video.

Natural disasters aside, Level 6 data centers offer the utmost advances in modern data security to ensure that none of the data they store and manage gets into the wrong hands. Below we have broken down each security level within a Level 6 data center and offer an inside peek at just how difficult they can be to hack.

Level 1
Regardless of the kind of data center, the first level of security is the physical property boundaries surrounding the facility. These property boundaries typically include signage, fencing, and other significant forms of perimeter defenses.

Level 2
Once the physical property boundaries have been bypassed, the next level of security is a secure perimeter. Here, someone can enter through the main entrance gate and be met by 24/7 security guard staff, comprehensive camera coverage, smart fencing, and other perimeter defense systems. Once someone has entered the second level, the company’s security personnel have eyes on their every move.

Level 3
Level 3 finally allows physical entry to the data center…well, kind of. Even though someone may have been granted building access, they are still nowhere near the data center floor. This level requires a security search of each individual entering the data center. Employees entering the facility must provide a company-issued identification badge and be subjected to an iris or facial scan to confirm identity. In addition, most data centers only allow one person to badge in through doors at a time. All of these combined layers are to ensure that only approved personnel may enter.

Level 4
Level 4 houses the security operations center (SOC). The SOC is often referred to as the brains of the security system as it monitors the data center 24 hours a day, seven days a week, 365 days a year.  All of the previous layers of security discussed above (from camera footage, ID readings, to iris scans) are connected to the SOC and monitored by a select group of security personnel. Think of this level also as the eyes and ears of the facility.

Level 5
Level 5 is the data center floor – finally! This is where all of the company’s data and information is stored. When at this level, security is much stricter when it comes to access and only a small percentage of staff members have access to this level; typically, only the technicians and engineers so they can repair, maintain, or upgrade equipment. Even when on the data center floor, technicians and engineers only have access to the devices, but not the data itself, as all of the stored data is encrypted (another layer of security!).

Level 6
This is where all of the fun happens. And by fun, we mean data destruction. Security at this level is at an all-time high with even fewer personnel having access. It is at this level where end-of-life of all storage media happens. If a device needs to be destroyed, there is usually some sort of secure two-way access system in place, which can vary depending on the facility. This means that one person drops off the device to a locker or room and another person takes the device away to be destroyed. This step is crucial to maintaining data security protocols so only technicians assigned to the destruction room have access to the devices. It is the role of the technicians in this room to scan, degauss (magnetic media only), and destroy the retired devices.

Leaving the data center is a process just as intensive and secure as entering. Every person leaving the data center floor is subjected to a full-body metal detector and makes his or her way back through each of the previous levels. This is to ensure that no one is able to leave with any devices and each person that has entered can be accounted for when leaving.

In the destruction phase, it is NSA best practice to first degauss the device if it is magnetic media. This practice offers companies the most secure method of sanitization. SEM degaussers use powerful magnetic fields that sanitize magnetic tapes and magnetic hard disk drives. It is this act alone that renders the drive completely inoperable – which is always the goal. Not even the most skilled of hackers will be able to get any information off of the drive, simply because there’s nothing left on it to hack!

The next step is the physical destruction of the drive or device. This can be done by act of crushing and/or shredding. Combined, degaussing and destroying ensure that no information is susceptible to getting stolen and offer the best security in the destruction of your end-of-life data.

One of the most common data destruction misconceptions is that erasing or overwriting a drive and degaussing are the same thing. They’re not. Erasing data isn’t completely foolproof as it’s possible that trace amounts of encrypted and unencrypted data can still get left behind. This becomes a gold mine for hackers and thieves, who then have complete freedom to do whatever they want with your most sensitive and classified information. But remember, degaussing is only effective for magnetic media, such as rotational hard disk drives (HDDs). Deguassing is completely ineffective on solid state drives (SSDs) and optical media; therefore, physical destruction (crushing or shredding) to a very small particle size is best practice for these devices.

Regardless of the type and size of data center, implementing security layers like the ones listed above and destroying end-of-life data in-house are always best practice. By doing so, companies can be confident that their data has been successfully destroyed. Some companies make the mistake of opting for a third-party data sanitization vendor. When going the third-party route, individuals and companies forfeit any and all oversight, which leaves plenty of room for drives to be stolen, misplaced, and mishandled. It is this level of negligence, whether at the hand of the company or vendor, that can cause catastrophic damages to the company, its brand, and its customers.

Hackers do not discriminate. So regardless of the industry, purchasing in-house, end-of-life data destruction equipment is well worth the investment simply because it is impossible to be certain that all data has been destroyed otherwise. This can in turn potentially save the company more time and money in the long run by preventing breach early on.

At SEM we have an array of various high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation – including Level 6! Any one of our exceptional sales team members are more than happy to help answer any questions you may have and help determine which machine will best meet your company or federally regulated destruction needs.

Debunking Hard Drive Destruction Misconceptions

September 9, 2020 at 2:18 pm by Amanda Canale

In October 2019, Blancco, an international data security company, released an article discussing various end-of-life data destruction methods and comparing drive destruction to data erasure. While we agree with some of what was written, we’d like to clear up a few things.

In the article, Blancco recommends weighing the level of impact certain end-of-life data can have in the case of a data breach combined with how quickly the data may age out. They then suggested basing the method of sanitization off of that assessment. We want to stress that there should never be an assessment of this nature when handling sensitive, confidential, or personally identifiable information (PII). It is always best practice to treat all end-of-life data as never aging out and having a potentially high level of harm if breached as both can be impossible to predetermine. Remember, there is no statute of limitations when it comes to data breach, meaning that an end-of-life drive can cause a breach years after it was discarded.

While some companies argue that drives should be reused as a more economical option, we disagree. By reusing devices, a company risks that leftover unencrypted or encrypted data getting into the wrong hands. Companies should future-proof their end-of-life data destruction procedures to ensure the prevention of future data breaches. This will not only save them time and money in the long run but prevents any damages to their customer base and reputation. (It’s better to be safe now than sorry in the long run!)

Blancco also notes that using a third-party vendor to sanitize and destroy end-of-life data and devices is an option. Morgan Stanley recently came under fire for the alleged data breach of their clients’ financial information after an ITAD (IT asset disposition) vendor misplaced a number of various computer equipment that were storing customers’ personally identifiable information (PII). Even though Blancco suggests carefully researching and vetting the vendors to ensure they are properly destroying your devices, introducing a third party significantly increases the chain of custody and companies face a far higher risk of data breach every step of the way when opting for this route.

While there are some reputable data sanitization vendors out there, it can be far too easy for ITAD vendors to misuse, mishandle, and misplace drives when in transportation, and in the actual acts of destruction and disposal. There have even been reports of some vendors selling end-of-life devices and their sensitive information to online third parties. We suggest getting rid of ITADs altogether if they’re part of your device destruction procedure simply because the security risks can be unpredictable and potentially catastrophic. Instead, we suggest purchasing one of our NSA listed devices, keeping the chain of custody within the company, and conducting all destruction in-house. You can read more of our thoughts on Morgan Stanley’s data breach here.

information-destruction

A common data destruction misconception is that erasing or overwriting a drive and degaussing are synonymous with one another. Unfortunately, that kind of thinking can quickly become dangerous depending on the kind of information you are looking to destroy. While methods such as cryptographic erasure and data erasure would allow the drive to be used again, as Blancco suggests, you run the high risk of leaving behind sensitive data which can become a gold mine for hackers and thieves.

While degaussing is not possible for the destruction of end-of-life data on solid state drives (SSDs), SEM always recommends following NSA standards and degaussing all magnetic media, including hard disk drives (HDDs), prior to destruction. Solid state drives (SSDs) and optical media do not require it as part of the destruction process but crushing and/or shredding is recommended. By degaussing HDDs, companies are choosing the most secure method of data sanitization per NSA guidelines as this is the only way companies can be certain that their data has been properly destroyed. When magnetic media is degaussed, the machines use powerful magnetic fields to sanitize the magnetic tapes and drive, wiping all sensitive information from the device. This act renders the drive completely inoperable, which should always be the goal.

Once the device has been degaussed, it should be physically destroyed. The combination of degaussing and physical destruction for HDDs is without a doubt the most secure method of ensuring your end-of-life data stays at the end of its life. Not even the most skilled of hackers will be able to get any information off of the drive, simply because there’s nothing left on it to hack!

Regardless of the catalyst for end-of-life drive destruction, it is always best practice to conduct destruction and degaussing in-house. It is also important to remember that a data breach is a data breach, no matter the level of impact. Blancco writes that, “not all degaussing machines are adequate to the task of demagnetizing all HDDs.” They’re right.

At SEM we have an array of various high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation. Any one of our exceptional sales team members are more than happy to help answer any questions you may have and help determine which machine will best meet your company or federally regulated destruction needs.

Credit Cards & Identity Theft: There’s More Exposure Than You Might Think

August 19, 2019 at 12:23 pm by Paul Falcone

Beyond convenience, credit cards can also provide the cardholder with the ability to build credit (which is necessary for major purchases like buying a home or car) as well as to earn rewards and cash back. However, credit cards can also pose a major threat for identity theft, and likely in more ways than most realize.

Credit Cards & PII

Do you have a credit card? If so, take it out and look at it for a moment. From a glance, there’s a host of obvious Personally Identifiable Information (PII) that’s printed right on it—your name as well as the primary account numbers (PAN), which include the card number, CVV code and expiration date. This PII is certainly sensitive data and in the wrong hands could be used for credit fraud and identity theft.

However, there is also PII contained on your card where you might not think of it. For instance, PII data such as card holder name, service code, expiration date, CVV code and PIN numbers are also stored in the magnetic stripe of the card. Another unseen piece of technology within your credit card that holds the same PII data is an RFID chip. The only way to tell if your card has an RFID chip is if it has the words “Blink,” “PayPass,” or “PayWave” on it, or else a symbol that looks like a Wi-Fi signal turned 90 degrees clockwise.

RFID chips provide further cardholder convenience by allowing payment to occur simply by tapping the card on a pad near the terminal instead of inserting the card into a reader. Even though security codes for your RFID chip are generated every time you use it, it only takes one time for a criminal with the right equipment to intercept your RFID chip communication as you perform a payment transaction and steal all of this sensitive information. (Although the RFID signal is very weak and can only be read from a short distance of a few inches.)

And, even though your credit documentation is likely kept at home or in a credit app, there’s still the threat of theft from the paper trail or digital-document trail of PII connected to the credit card. This includes statements, bills and other communication mailed or digitally transmitted to the cardholder.

Issuers, Printers & PII

You don’t just get a credit card out of thin air. There are other players involved who will also have access to your PII for the application of the credit line as well as the creation of the credit card itself. Obviously, the financial institution and/or lender company that issued the line of credit and therefore the credit card to the cardholder also has full matching records (stored via print and/or digital media) of the cardholder’s PII to authorize and process card transactions.

What is often overlooked is the generator of the credit card, the security printer company that the financial institution and/or lender works with to create the cards. A printing plate unique to the cardholder is used to create the design, lettering and even some security features that are printed onto the card. This means the printing plate contains a copy of your PII. And the tipping foil that’s used to personalize cards can also have PAN left on the foil after it’s been used.

Proper Destruction of Credit Cards & PII Contained

It goes without saying that consumers must properly shred their expired credit cards and shred, pulverize or incinerate all paper documentation related to that credit card that contains PII. If the documentation is stored digitally, the data and the device need to be properly destroyed via software or hardware to clear the data and by overwriting non-sensitive information, or by degaussing the media and rendering the magnetic field permanently unusable, and by destroying the media by shredding, melting, pulverization, disintegration or incineration.

SEM EMP1000-HS Degausser

For a shredder data destruction machine, consumers should follow DIN Standard 66399, at a minimal Level P-5 for the end-of-life destruction of the credit card and ensuing paper documentation. Shredding at P-5 standards ensures the final particle size has a maximum cross-cut surface area of 30mm2 with a maximum strip width of 2mm, or 2x15mm. Shredded data at this size is unlikely to be reproduced even with special equipment.

The financial institution and/or lending institution should practice the same proper end-of-life destruction with their paper and/or digital record trail of the account information containing the consumer’s PII. The financial or lending institution should also ensure that their security printers practice the same standards for the end-of-life destruction of the printing plates and tipping foil used to create the consumer’s card. For these organizations, it’s recommended that they follow DIN Standard 66399 Level P-5, whether it’s for paper or digital media that stores the PII attached to the card and line of credit.

PII Theft Prevention: Complying with Intergraf

In addition to practicing proper data and device destruction when the printing plate and tipping foil reach end-of-life, the security printer should take preventive steps in the creation of the cards and the materials used. One such way to do so is for the security printer to use only printing machinery that’s Intergraf-certified.

Intergraf is a European-based federation for print and digital communication which works to ensure security of the sensitive data stored within those mediums as they’re created. An Intergraf-certified security printer machine provides: a clear structure of requirements and responsibilities, trusted security for printers and suppliers, recognizable reference for governments and industries, prevention of forgery and counterfeiting, maximum security from development to deployment and increased customer confidence and satisfaction.

Intergraf has developed an international standard for security printers and suppliers (.e.g CWA 14641, CWA 15374 and ISO 14298) that also help to direct how these organizations should destroy the printing plates and tipping foil to render them unusable and irrecoverable. For instance, Intergraf stipulates that the destruction standard for printing plates is DIN 66399 P-1, which renders the particle size to a maximum surface area of 2,000mm2, or 12mm strips.

Finding the Right Data Destruction Machine

SEM has both high-volume and high-security shredders that meet the DIN 66399 standards. It’s important to note, too, that SEM recommends on both consumer and commercial level that the machinery is purchased or leased and kept on-site with the consumer or organization. This ensures contact with the sensitive data is limited to only those authorized to receive it.

NIST Guidelines vs. the NSA EPL on Hard Drive Destruction: Clearing Up Confusion

February 5, 2019 at 5:44 pm by Heidi White

hard drive destructionOver the 20 years I have been working for SEM, I have explained to customers and former military colleagues about the requirements for classified destruction. Lately these requirements have become stricter due to the ever-changing technologies. It’s not as easy as just putting your paper in a shredder or disintegrator and walking away knowing your classified is destroyed. Your classified now comes on many types of media. With so many types of media, a requirement had to be set forth by the National Security Agency (NSA) as to how these needed to be destroyed. We will discuss destroying hard drives as it relates to the National Institute of Standards and Technology (NIST) 800-88 and NSA Evaluated Products List (EPL) for Hard Drive Destruction.

For this blog, I will only discuss a brief overview for the destruction of hard disks (SCSI, ATA, SATA). NIST 800-88 explains on page 16, table 5-1 there are three methods of destroying hard disks. The first is to CLEAR. This method uses software to overwrite the storage space on the media with non-sensitive data (unclassified) and gives you the option to reuse your hard drive. The second is to PURGE. This method uses degaussing and the Secure Erase command present on some ATA drives. This method is very effective again for unclassified drives. The third method is PHYSICAL DESTRUCTION. This method is the standard for classified data and it destroys the drive by using disintegration, pulverization, melting, or incineration.

emp 1000HS
SEM’s NSA listed Model EMP1000-HS degausser is an ideal solution for rotational hard drives; however, degaussing has NO effect on solid state media.

The second paragraph of the NSA/CSS EPL for Hard Drive Destruction Devices states, “Hard drive destruction devices on their own DO NOT SANITIZE magnetic and/or solid-state storage devices; use of these machines is only authorized in conjunction with degaussing for routine magnetic hard disk drive sanitization or by themselves only in extreme emergency situations. Sanitization guidance for classified storage devices is located in the NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This leads you to believe that degaussing could be used on a solid state drive (SSD). This is misleading! A magnetic field created by a degausser will cause no damage to an SSD. A degausser will only destroy information on a standard rotational magnetic drive.

ssd shredder
Classified SSDs must be disintegrated to a 2mm particle size.

In the third paragraph it states; “All shredders designed for hard drives are approved for deformation of magnetic hard drive platters. Shredding alone will NOT SANITIZE magnetic and/or solid state storage devices unless a two-millimeter particle size or less of the magnetic disk or solid-state memory chip is accomplished in accordance with NSA/CSS PM 9-12 Storage Device Sanitization Manual.” This states that if you have a hard drive or SSD, you can shred it to a 2mm particle to sanitize the drive. This is confusing. Although the NSA guidelines REQUIRE you to reduce a classified SSD to a two-millimeter particle to render the device sanitized, the machine that does this may not be able to shred a standard magnetic hard disk drive to this two-millimeter particle. This is due to the size and materials used in the manufacturing of a magnetic hard disk.

In conclusion, in order to completely destroy the information in a hard drive is a two-step process for a magnetic hard drive and a single step process for a SSD.

A magnetic disk MUST BE degaussed using an NSA approved degausser THEN physically destroyed. This second step of physical destruction is left up to the end user and can vary greatly. It can be as simple as drilling a hole in the drive, hitting it several times with a hammer, or using a hydraulic punch or hard drive shredder. A solid state drive MUST be shredded to a two-millimeter particle and cannot be degaussed.

If you have any questions or would like to talk to a security professional, feel free to reach out to me or any SEM representative.

Karl Lotvedt, DC Region Sales Support, has over 20 years of experience with SEM, including targeted expertise in understanding military procedures and requirements. Prior to joining SEM, Karl spent 20 years in the United States Air Force including over five years in procurement. Now retired from the Air Force, Karl currently serves as an Air Force resource advisor. Karl received his AA and CIS from National College in Rapid City, SD.

An IT Destruction Audit Trail – How to Simplify the Process

August 23, 2018 at 2:47 pm by Heidi White

HDD-degaussIf you deal with sensitive drives, the NSA/CSS requirements for destruction of classified and higher drives requires that they first be degaussed by an NSA approved degausser and then physically destroyed. This 2-step process is not complete without the third critical step: documentation/destruction audit trail of everything destroyed. Therefore, you must properly document before you degauss and then destroy.

An important part of any HDD/SSD media destruction program is the accurate creation of a complete end of life audit trail.  Until now it has been up to the operator of the degausser/destruction equipment to fill out the appropriate tracking form by hand, recording the serial numbers of the drives destroyed so there is a record of who, what, where and when they were destroyed.  This is a very time-consuming and tedious process, and one that is prone to unintentional errors in the serial numbers recorded.  The need for accuracy in this documentation is extremely important in the event of an audit or the need to track a specific drive — especially a classified one.

The iWitness is a plug and play documentation tool that is both accurate and time-saving

Whether you have ten drives or 10,000 drives to destroy, an easy way to streamline the process and dramatically increase the speed and accuracy while gathering additional information on the specific drive’s destruction is to automate the process using the SEM iWitness audit-friendly media tracking and end-of-life documenting solution.

The iWitness is a simple plug and play, end-of-life documentation tool for IT destruction. The iWitness consists of a laptop with a 15” screen, a handheld barcode scanner, and pre-loaded iWitness software, and is the only system that is fully SCIF compliant right out of the box.  This SCIF compliant system is completely stand-alone and does not need to connect to a network. The software is installed on a guest account, the Wi-Fi and Bluetooth are disabled, it has no cameras, and writes to a CDR — absolutely no USB is required. The iWitness system is the ideal solution for classified environments and SCIFs.

The iWitness comes complete with a laptop, scanner, and pre-loaded software

The process is simple: just scan an HDD or SSD bar code and the software records the media and documents the erasure status and gauss level, after which the information can be exported to a cross-compatible CSV file and saved to a CDR or, if preferred and not in a SCIF, a USB drive. The iWitness not only keeps an audit trail, it also prompts the operator through every step of the process, so no step is missed. The software records manufacturer, model, serial number, destruction method and device used, operator name, time, and date.  In addition, the iWitness can be easily customized to record additional drive information as required.

This machine is compatible with the SEM EMP-1000HS and EMP-1000 degaussers, as well as the entire line of SEM HDD/SSD crushers, shredders, and disintegrators. It can also be used with non-SEM destruction devices if preferred. When used with an SEM degausser, the iWitness system provides erasure verification by recording the Pass/Fail status and the magnetic field strength communicated directly from the degausser via a barcode displayed on the degausser’s LCD panel, which can be scanned with the iWitness to confirm sanitization.  This is an exclusive compatibility feature of SEM degaussers; however, competitive degaussers can also be used without this feature.

The SEM iWitness offers a full-featured solution to the cumbersome chore of filling out various documentation forms, making your audit trail recording a breeze. The iWitness complies with all major security requirements including NIST SP 800-36/NIST SP 800-88, PCI DSS, HIPAA, FACTA, FISMA, PIPEDA, GLBA, CCPA, and FCC standard. If time savings, increased recording accuracy, operational simplicity, and regulatory compliance are important to your organization, the SEM iWitness would be a great addition to your media destruction program.

Mike Wakefield, Southeast Regional Sales Manager, has over 34 years of sales experience, 25 of which have been with SEM, and he is a Subject Matter Expert in data destruction and government contracting. Throughout his career at SEM, Mike has worked with key clients including the federal government, U.S. military, defense contractor community, and Fortune 500 companies. Mike prides himself on being able to anticipate new markets and emerging technologies while also working with the intelligence community to meet current and future needs, all while protecting the environment.

Understanding the “Degauss & Destroy” Requirements for Magnetic Media

December 21, 2010 at 1:16 pm by SEM

The rules for destroying sensitive or classified magnetic computer media, like hard drives and tape cartridges, can be confusing. But in actuality, the data destruction process can be boiled down to a simple procedure.

One question that often comes up is about what is and isn’t magnetic media. Magnetic media always involves a material with a surface that holds information in the form of magnetic traces. That includes standard hard drives, tape cartridges, Zip and Jaz disks, and jump drives. It does not include optical media (CD, DVD, BD) or solid state storage devices (SS hard drives, flash memory sticks, thumb drives, etc.). This is important to note, since degaussers are only useful for use on magnetic media. They can’t be used to wipe information off of optical or solid state storage devices.

There are two basic types of required equipment used for destroying magnetic media: degaussers and physical destroyers, like crushers or shredders. For users with government classified data, the choice is simple- the media must be wiped using an NSA listed degausser before disposal. The NSA mandates physical shredding or crushing as a process for final disposal of classified magnetic media. Approved degaussers can be identified by consulting the NSA Evaluated Products List or by looking at the SEM website under degaussers.

For unclassified media, a physical destroyer can be used as the sole destruction method. Devices that crush or shred hard drives and tape cartridges make these items extremely difficult to extract data from. A physical destruction method can be faster and lower cost than degaussing. This process is often seen as the best choice, when one is not concerned with an adversary with extensive resources available to recover data from scraps.

For classified data, physical destroyers is the step two after degaussing. Media looks no different after degaussing. It looks just like the original classified item. As an additional safeguard, the NSA mandates that all HDDs must be both degaussed and physically destroyed. That means that the hard drives can either be crushed or shredded by a product that is evaluated by the NSA and placed on the Evaluated Products List. SEM has examples of both, and you can see an example of a crusher and a shredder on our site.