Is Shredding Hard Drives the Best Option?
We’re glad you’re here, because we know that you’re already taking data security seriously. You just can’t be involved in the information technology asset disposal (ITAD) industry without being conscious and careful regarding issues of data security.
This might seem odd, but we are talking about NOT shredding hard drives. Before we get going, we aren’t attempting to talk you out of shredding. It’s quick, cost-effective, and extremely successful when it comes to securing data on used hard drives. It works for a lot of our clients. Plus, you know what they say about fixing things that aren’t broken.
Even with the high marks that we give shredding, we want to give you options. It’s not the only way to secure data on unused hard drives.
Are you saying that we don’t need to shred hard drives?
Without a doubt, shredding a hard drive is going to make any data irrecoverable. There’s just no way that anyone is going to reassemble a pile of metal and glass mulch into anything that will yield useful data. The level of security that comes from shredding is clear.
So there are benefits to not shredding?
A hard-drive that isn’t shredded actually has quite a few options. It can be sanitized, and once cleaned, it can be re-used, sold, donated, or stripped down for parts. Everyone wins.
That’s great, but what about security? Nothing’s as good as shredding, right?
Shredding is definitely a reliable way to destroy data, but it’s not the only way.
Can a hard drive actually be sanitized of all its data?
We’ll let you do a bit of reading, but the best practices for media sanitization are outlined in Special Publication 800-88 from the National Institute of Standards and Technology, also referred to as just the “NIST 800-88” standards.
You can read more about them here. These guidelines specify three different methods for negating data.
- Clear – Using software or hardware, every user-accessible part of a storage device is over-written with 1’s and 0’s, or using manufacturer’s reset options when overwriting isn’t possible. This protects the data from a standard keyboard-based retrieval attempt.
- Purge – Overwriting, block-erasing, or cryptographically erasing data using commands and techniques that bypass typical read and write commands. This protects data from specialized, laboratory-based attacks.
- Destroy – Physical destruction that makes it unfeasible to try to reconstruct any data, even under laboratory conditions.
That sounds nice, but who’s going to all that trouble? Isn’t everybody just shredding the old hard drives?
You might recognize names like the US Department of Justice, the Federal Trade Commission, or the Internal Revenue Service. NIST is also a recognized standard for data control under the Health Insurance Portability and Protection Act (HIPPA). If it’s good enough for the people with all the health records and tax returns, it might be worth giving it a thought, don’t you think?
Even if we follow these standards, data can still be reconstructed, right?
To date, there has not been a single record of anyone retrieving data from a storage device that was cleaned up to NIST standards. It’s far more likely that a security breach will result in stolen data than someone finding a way to un-clean a cleaned hard drive.
But shredding is still an option, right?
You bet! Shredding is quick, reliable, and always an option. We certainly don’t want to talk you out of it, but it’s always nice to know that you have plenty of options that let you realize value from old equipment while still keeping your data secure.
When you need options with the handling of hardware that’s broken, obsolete, or just unused, CDR Global is going to show you the wide menu of services that let you realize the value of almost any piece of equipment you can imagine.
Get in touch with us today and one of our ITAD specialists can discuss your situation and come up with a customized solution that meets you needs, budget, and timeframe.