A critically important part of data lifecycle management is destroying data at the end of a medium's useful life. If this step is overlooked, it can lead to disastrous results. But the method by which data on a particular medium is destroyed depends on the medium type. Data destruction mechanisms must be employed for paper records, magnetic media, including tapes and hard drives, and storage media such as flash drives or CDs/DVDs that might have sensitive information.
There are many ways to make sure that the chances of anyone ever recovering your data are slim to none. Here are five recommended methods for destroying data on magnetic media.
Note: These tips are based on an entry in our Servers and Storage blog.
There are services that will literally shred a hard drive. Take a look at this impressive video, which shows a drive being completely destroyed. For someone to come back after the fact and attempt to reconstruct it — particularly when a single drive's debris is mixed with other debris — would be almost impossible.
In many cases, you can ship the drives to the destruction company. But to maintain a clear and responsible chain of custody, many services will come to you so that you don't have to worry about what happens during transit. You can also buy your own mega-shredder, but those can be pretty expensive.
From a "fun to watch" factor, this method can't be beat!
Hard drives are nothing more than bottles of data held in place by magnetic glue. By removing the magnetic glue, you can create a breakdown of the underlying bits and bytes and scramble them in a way that's tough to recover from. If the degaussing device used is good enough, you'll destroy all of the bits and bytes at the user level as well as the low-level formatting that makes it function as a drive. (If you're serious about data security, you'll use a powerful degausser.)
Although degaussing might be looked at as a way of simply erasing a drive, it's actually a destructive mechanism — though it's not nearly as fun to watch as a shredder.
Powerful degaussers will also render inoperable a drive's servo motors and will damage the spindle motor of the drive. It truly is a paperweight when you're done.
A really good degausser is expensive, but it doesn't cost as much as a really good shredder, and it might be enough for your needs. Also, it's a fast process. Take a look at this YouTube video of a hard drive degausser in action.
3: Department of Defense level data overwrite
If you've been in IT for any period of time, you probably know that deleting a file really doesn't mean that the file is no longer retrievable — it simply means that the operating system has removed it from your view. Retrieving files deleted by the operating system is a pretty trivial task.
So how do you make sure that your deletion process really achieves your data protection goals? Use a process that meets Department of Defense guidelines for data overwrite. This process basically involves overwriting each area of the disk multiple times with different types of data (patterns).
There are all kinds of programs intended to securely delete files and even entire hard drives. For example, the SDelete program from Sysinternals allows you to securely delete a single file, while programs such as East-Tec DisposeSecure extend the protection to full hard drives and include critical validation reports showing the success of the process. Check out Active@ KillDisk and Darik's Boot And Nuke (DBAN), which were recently profiled by my fellow TechRepublic blogger Rick Vanover.
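The multi-pass overwrite described above, applied to a single file, as an added example that is not from the original article or from any of the tools it names. The pass sequence (a fixed byte, its complement, then random data) is an assumption, since the article does not list the patterns, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20                    # 1 MiB per write
PASSES = (b"\x00", b"\xff", None)  # assumed sequence; None = random data

def _write_pass(f, size, pattern):
    """Overwrite the whole file once; return SHA-256 of the bytes written."""
    digest, remaining = hashlib.sha256(), size
    f.seek(0)
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if pattern is None else pattern * n
        f.write(block)
        digest.update(block)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # force this pass out before the next one starts
    return digest.hexdigest()

def _read_digest(f):
    """Read the file back and hash it (may be served from the OS cache)."""
    digest = hashlib.sha256()
    f.seek(0)
    for block in iter(lambda: f.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()

def overwrite_file(path, passes=PASSES):
    """Run every pass in place, verify each, and return a validation report."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        ok = [_write_pass(f, size, p) == _read_digest(f) for p in passes]
    return {"bytes": size, "passes": len(ok), "verified": all(ok)}

def demo():
    """Constructed sample: a temporary file holding a made-up secret."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"ACCOUNT=constructed-sample-secret\n" * 1000)
    try:
        report = overwrite_file(tmp.name)
        with open(tmp.name, "rb") as f:
            report["secret_present"] = b"constructed-sample-secret" in f.read()
    finally:
        os.remove(tmp.name)
    return report

if __name__ == "__main__":
    print(demo())
```

An in-place overwrite only reaches the original sectors when the filesystem and device rewrite data where it already lives; copy-on-write filesystems and flash media with wear leveling may leave the old blocks untouched.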
The most committed people may try to find a way to thwart your data destruction efforts, even if you physically destroy the hard drive or wipe its magnetic field.
- The problem: Even after destruction, the hard drive is still in the same physical state, even if it no longer has a magnetic field or is in thousands of pieces.
- The solution: Perform a process that changes the hard drive from a solid into a liquid. This is extreme, but it may be necessary for some kinds of data.
These guys provided a nice overview of the backyard process they went through that guarantees (even more than the methods described above) that no one will be reading data from this physical medium ever again.
On a serious note, there is a temperature at which magnetic media loses its magnetism and is no longer able to hold data together. Above this temperature, called the Curie point, the bits and bytes are no longer neatly ordered. Since different kinds of metals are used in varying kinds of magnetic media, I've used the definitive resource — Wikipedia — to show you the Curie points for each metal:
| Substance | Curie temp (°C) |
|---|---|
| Iron Oxide (Fe2O3) | 622 |
Whether you smelt it or incinerate it in some way, get your media above these temperatures or change its state to liquid, and your data is much likelier to be safe.
5: Encrypting from the beginning
While this method isn't purely destructive in nature, encrypting the contents of your storage as a routine practice can help you protect against prying eyes when it comes time to dispose of the media, particularly if you store the decryption key away from the media. The downside to this method is that it's not 100% foolproof and can be subverted by someone who really wants the data. The upside is that the attacker needs physical access to the computer's operating system.
What works for you?
How do you accomplish the goal of ensuring that your data remains your data as part of your organization's information security plan? Share your data destruction methods in the discussion.
Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive with CampusWorks, Inc. Scott is available for consulting, writing, and speaking engagements and can be reached at firstname.lastname@example.org.