How NOT to Destroy Hard Drives

March 2, 2021 at 8:00 am by Amanda Canale

Since the first days of chat message boards and social media profiles, we’ve all heard the saying, “don’t put all of your information online because it never truly goes away.” The same can be said for end-of-life data and information on rotational hard disk drives (HDDs): once information is on there, it’s sometimes nearly impossible to fully remove. Aside from implementing a secure, in-house destruction plan, there are many other methods we do not recommend using. Let’s break some of those down.

Recycling and/or Throwing Away

While we support the green initiative in trying to recycle your end-of-life drives, unfortunately, this cannot be securely done. For starters, the majority of our waste and recycling ends up in landfills and dumpsters which are gold mines for hackers and thieves. On top of that, recycling and waste is not transported securely, making it easy for people to intercept and have access to your most sensitive information.

It is reported that, on average, recyclables and waste sit on sorting floors for up to four weeks before finally being destroyed. Anything can happen within that length of time! After this period, remnants of your information or data are not magically sorted; dozens of employees sort what the machines cannot and have direct access to your data. By opting for a seemingly eco-friendlier alternative, you will only put your data at more risk.

Deleting and/or Overwriting

One of the more common (and misleading) data destruction misconceptions is that erasing or overwriting the information of an end-of-life drive and degaussing are synonymous with one another. While methods such as cryptographic erasure and data erasure would allow the drive to be used again, they are not a secure and foolproof means of destruction. Information, whether encrypted or unencrypted, can still linger behind on the drive and be accessed, even if it has previously been deleted or overwritten.


Burning

Burning a hard drive, whether with a blow torch or roasting it on a stick, is highly discouraged. Not only would this require protective gear and holding platters at a safe distance with a heat resistant tool, but burning hard drives will also cause harmful fumes to be released into the air in the process.

Unfortunately, just because a drive experiences physical damage, it does not mean that the information has taken the same hit. Take for instance the 2003 explosion of the Columbia space shuttle. As the spacecraft made its way into the atmosphere, a piece of the insulation foam had detached, causing it to become enflamed and combust. The horrific disaster resulted in the loss of everyone aboard as the shuttle disintegrated on its way back to Earth.

Just about six months later, a rotational hard drive that was aboard the Columbia was found in a riverbed. It was discovered that the drive had not only survived the initial explosion, but had also survived a 40-mile fall while on fire at terminal velocity and six months in a muddy riverbed. The most interesting part? Even after surviving all of that, it was discovered that 99% of the data that resided on the drive was recovered. It’s safe to say that burning a hard drive is not only harmful to you and the environment but is a tactic that simply won’t work. We suggest sticking to roasting just marshmallows over future fires.

Photo of recovered Columbia space shuttle hard drive


ITAD

ITADs, or information technology asset disposition companies, are third-party vendors that sanitize and destroy end-of-life data and drives. While the appeal of these types of companies can be quite convincing, we at SEM do not recommend utilizing these types of companies when getting rid of your end-of-life data. While there are some reputable ITAD and data sanitization companies out there, the risk may not be worth the convenience. Security risks can be unpredictable and potentially catastrophic as it can be far too easy for ITAD vendors to misuse, mishandle, and misplace drives when in transportation, destruction, or disposal. It has also been reported that some vendors sell end-of-life devices and their sensitive information to online third parties.

During the summer of 2020, financial institution Morgan Stanley came under fire for an alleged data breach of their clients’ financial information after an ITAD vendor misplaced a number of drives that were storing personally identifiable information (PII). Instead, we suggest purchasing one of our NSA listed devices, keeping the chain of custody within the company, and conducting all destruction in-house.

Other (Un)Worthy Methods

  • Submerging the HDD in acid
  • Using a drive as target practice
  • Running over HDDs with your car
  • Giving HDDs a bubble bath
  • Physical destruction with a blunt object
  • Attaching industrial-strength magnets

Regardless of the catalyst for end-of-life drive destruction, it is always best practice to conduct destruction and degaussing in-house. While degaussing is not possible for the destruction of end-of-life data on solid state drives (SSDs), SEM recommends always following NSA standards and degaussing all magnetic media, including hard disk drives (HDDs), prior to destruction. Solid state drives (SSDs) and optical media cannot be degaussed, so crushing and/or shredding is recommended.

By first degaussing then physically destroying HDDs, companies are choosing the most secure method of data destruction per NSA guidelines as this is the only way to be certain that the end-of-life data has been properly destroyed. When magnetic media is degaussed, our devices use powerful magnetic fields to sanitize the magnetic tapes and drives, wiping all sensitive information from the device. This act renders the drive completely inoperable, which should always be the end goal. Once the device has been degaussed, it should be physically destroyed. The combination of degaussing and physical destruction for HDDs is without a doubt the most secure method of ensuring your end-of-life data stays at the end of its life.

It is also important to remember that a data breach is a data breach, no matter the level of impact. While not all degaussing machines are adequate to demagnetize all rotational hard disk drives, at SEM we have an array of various high security NSA listed/CUI and unclassified magnetic media degaussers to meet any need and regulation.

In-House Solutions for End-of-Life Hard Drives in Data Centers

June 1, 2014 at 5:02 pm by SEM

Today, data centers are the backbone of our digital information society. The question is: do you have a solid plan in place to effectively and securely handle your drives at end-of-life?

Whether it’s just disposing of a few failed drives, or a planned system upgrade, eliminating data from hard drives is one of the most critical elements of limiting liability in any data center.

The sensitive nature of the information on your drives makes it absolutely critical that, when a drive fails or comes to end-of-life (EOL), you efficiently, effectively and securely eliminate the possibility of that data being accessed on any defective or obsolete hard drives.

As data storage technology evolves, so must the data elimination and destruction process. Depending on the security level of the drives, classified, top secret, or just sensitive, there are many ways to accomplish this vital task.

If you operate a data center with government classified or top secret information, according to the NSA, you need to first sanitize the hard drive, also known as degaussing, with an NSA approved device. Then, once degaussed, the hard drive must be shredded, punched or otherwise physically destroyed.

More detailed information on degaussing options can be found here.

If you don’t have any government secrets on your drives or a strict internal policy, all you need to do is physically destroy them. No degaussing is required.

Crushers that punch and bend the drives are a great option for small batches of drives, or as support for smaller data centers, shipping them out to use as needed.

SEM Model 0101 HDD Crusher

Today, there are many different hard drive shredders available for any application. These shredders can destroy between 50 and 3,500 drives an hour. The particle size, which you can choose based on your security requirements, can be anywhere from 3/4” to 1-1/2” wide by random length. Hard drive shredders like these can quickly, efficiently and securely take whole drives and turn them instantly into highly recyclable metal scrap, making the drives unrecognizable and the information irretrievable.

More information about crushers and shredders can be found here.

SEM Model 0305 HDD Shredder

Another major security concern for data centers is that many do not want to remove or transport the drives from the site or let anyone come on-site for HDD destruction. With some of the options shown above, destruction can be completed in-house and on-site to maintain the security of the site while meeting all destruction requirements. For smaller data centers that would not need a large full-time device, many of these solutions are small enough to be shipped anywhere in the world from site to site as needed! This saves time and money, and enhances a site’s security by keeping contact with the data to internal personnel only.

As we have discussed, protecting the information and preventing unauthorized access to your obsolete drives and the information on them is the most critical element in managing your liability and reducing your risk. Many companies have already taken steps to prevent future problems. Will you be next?

Is your company ready to maximize your hard drive security while minimizing the liability? If you have any additional questions about what solution is the best for you, SEM is here to help. Contact us today to ensure your data is destroyed safely, securely, and to all spec and regulations that need to be met.