Ever wondered how so much private user info is out there in the open? A lot of the data leakage is because of unsecured device disposal methods adopted by SMBs. News stories of such data breaches because of improper IT asset disposal are commonplace in tech news magazines. According to a report, cybercriminals commonly scavenge for unsecured disposed of devices and recover data from them.
Residual Data Study On Second Hand Devices.
In this article, we will explain:
- The common storage device disposal methods like shredding, degaussing, and melting etc.
- The limitations of device disposal methods methods
- Data erasure, as the most reliable method of permanent data deletion
- How you can use BitRaser to erase data from devices you wish to dispose of
- The economics of data erasure (and why licensed software is the most cost-effective)
Common Methods of Storage Device Disposal
-
Shredding and Crushing
Shredding and crushing are suitable device disposal options for organizations that want to destroy confidential information. In both these methods, the storage device is physically destroyed, making it unusable. In shredding, you chop up the device into tiny pieces using a machine. In crushing, you destroy the device by applying immense pressure.
While they’re better than disposing of devices in an unsecured way, they’re somewhat tricky to execute. The process of physical destruction of storage devices is rife with disadvantages
If you employ a 3rd party vendor to carry out a physical mode of data destruction like shredding, you undertake massive risks. That’s because you’ll never be sure whether your devices were actually destroyed, or simply formatted and repurposed. This leads to massive data privacy breach risks.
Even when you destroy a storage device yourself, there are disadvantages.
- The shredding equipment is bulky and costly
Both the shredder and crusher will take up huge spaces and are costly. That means you need dedicated operating space for both. The initial installation cost is high, particularly for small businesses.
- You’ll need multiple trained operators
Shredders are operated by trained technicians. Maintenance and repair are troublesome for businesses.
- These machines are noisy
The machines make a lot of noise while physically destroying the storage devices.
- You still need to figure out waste disposal
The chipped metal and plastic parts of the storage device will have to be disposed of correctly. Dropping them in landfills and oceans will damage the environment a lot and is illegal under several environmental protection laws.
While both these methods are reliable, they’re not practical for businesses, unless their disposal requirements are significant.
-
Degaussing
To understand degaussing, we need to understand how data is stored in a magnetic storage device such as a hard drive.
- The data in a hard disk is stored on a platter.
- The platter spins under a read/write head.
- The surface of the platter becomes magnetized when small pulses of electricity are passed through a coil in the head.
- Data is recorded using binary code, a series of 1s and 0s (magnetic pulse and reverse pulse, consecutively).
A degausser removes the information present in hard drives by disrupting the magnetic fields that store the data in the platter. As a result, the data stored in the drive is scrambled rendering it unreadable. The previously existing data pattern is changed randomly so none of the new information is the same. Hence, the data is no longer recoverable.
This process renders the hard drive unusable. Hard Disk degaussing doesn’t just delete all the data, it also makes the hard disk unbootable. That means the operating system won’t be able to detect it.
Below are the risks and disadvantages associated with degaussing:
- Costly: The price of a degausser makes it impractical for most SMBs.
- Special storage requirements: Degausser needs to be installed in a cold and dry environment. As it has magnetic components, it needs to be in a place that is free from magnetic interference.
- Demands special operations training/personnel: You will need an expert engineer to operate the degausser. Or, you have to spend hours learning how to operate the degausser.
- Not effective on solid state drives (SSDs): SSDs store data in flash memory chips, instead of magnetic disks. So, a degausser doesn’t work on an SSD.
- Generates e-waste: A degaussed drive is e-waste, nothing else. You can’t use the drive again. For SMBs that wish to reduce their e-waste, degaussing isn’t the right solution.
-
Melting
Corrosive acids, such as nitric acid and hydrochloric acid, are used to melt storage drives. The internal metallic components within the device casing get corroded and subsequently dissolved. This makes the data irrecoverable.
Melting sounds simple but is challenging.
- Dangerous environment: Concentrated acids can dissolve almost anything. Any form of exposure will cause permanent damage to the human body. Melting of storage devices is carried out in dedicated areas, which isn’t practical for most businesses.
- Expensive handling equipment: To make sure that the process is carried out smoothly and safely, a lot of safety equipment is needed.
- Costly disposal of acids: The acids have to be neutralized before they are disposed of by adding alkaline solutions to them. This adds to the cost even more.
Although effective, the risks with melting storage devices make it an unworthy option for businesses.
-
Dismantling
There’s always the option to open up a storage device and remove the part that holds the data. In the case of a hard drive, dismantling will involve:
- Unscrewing every screw in the plastic/metal casing
- Removing the platter (this is where all your data resides)
- Reusing the other components of the hard drive (read/write heads, PCB, spindle, etc)
Merely dismantling the hard drive doesn’t destroy the data. You’ll need to physically destroy the platter. This lets you reuse the other components of the drive. However, most businesses have no use for the components of a hard drive. The only purpose of dismantling, from a secure data destruction point of view, is to isolate the storage media (the platter in case of a hard drive) and destroy it.
You could dismantle an SSD and destroy its data chips. However, that’s tedious and hardly any different than simply destroying the entire SSD. That’s because, inside the SSD casing, you’ll only find a PCB where all the chips and controllers are embedded.
To dismantle an SSD:
- Unscrew all screws on the SSD casing.
- Pry open the casing.
- Take out the PCB and destroy it.
Any of the chips on the SSD PCB, if left undestroyed, can be reused to extract the data. So, this method isn’t fool proof.
-
Data Erasure
Data erasure is the process of deleting data from your storage device permanently. This process makes the data irrecoverable. Data erasure is a reliable data disposal technique because of the following inherent benefits.
- Environment friendly: Disk erasure doesn’t generate any toxic e-waste, unlike shredding, chopping, and melting.
- Affordable: When you erase your device data, you can reuse the device. Also, the software itself costs much lesser than what you’d spend on any other method.
How do I Find the Right Data Erasure Software?
Be aware of a couple of things while looking for data erasure software.
- Most software is not compliant with regulations: Make sure that the data erasure software you are using is compliant with guidelines from organizations like NIST, HIPAA, etc.
- Free versus paid data erasure software: Free data erasure software is almost guaranteed to be non-compliant. A proper data erasure software is a complex digital product, and it’s almost impossible for any software vendor to offer sophisticated software for free. Such downloadable files could easily be malware and ransomware. An affordable certified data erasure software is much better than a free one.
Choosing the Right Data Erasure Software
The correct storage device wiping software will keep your organization secure from all the risks of data breaches. Make sure to look for all of the features below while selecting a data erasure software for your organization.
While they’re better than disposing of devices in an unsecured way, they’re somewhat tricky to execute. The process of physical destruction of storage devices is rife with disadvantages. If you employ a 3rd party vendor to carry out a physical mode of data destruction like shredding, you undertake massive risks. That’s because you’ll never be sure whether your devices were actually destroyed, or simply formatted and repurposed. This leads to massive data privacy breach risks.
Even when you destroy a storage device yourself, there are disadvantages.
- Permanent erasure of data
Deleting the files or formatting the disk drive doesn’t make them irrecoverable. That merely makes the files inaccessible. The software should wipe the data completely beyond the scope of recovery.
- Meets international regulatory standards
There are multiple compliance standards that the software needs to pass before it is used. Using software that is subpar could cause a couple of issues.
- It could render the hard drive unusable.
- The data in it may not be “deleted” and can be recovered.
Both of the above possibilities defeat the purpose of data erasure.
- Affordable
Wiping the data from your storage drives should not cost you a fortune. However, destroying data using any of the physical destruction tactics is expensive. You need special equipment, special operations space, and an expert operator in almost all cases. Also, the device will be destroyed, so there’s no scope of reusing it ever.
The total cost of destruction per storage device can be prohibitive for SMBs. Instead, a certified data erasure software gets the job done at a fraction of the cost. And the higher the number of devices, the lower you pay per/device.
- Generates Erasure Reports
This feature ensures the proof of data erasure by generating a tamper-proof report. Automation of the data erasure process makes it convenient for the users. It should also come with automated reporting which contains all the details of the process.
BitRaser Date Erasure Software for Hard Drives, SSDs, Mobile Devices, and Servers
Stellar Data Recovery’s BitRaser library of data erasure software brings you all these benefits, at a cost that works for most SMBs. BitRaser offers concrete advantages over any subscription-based data erasure software.
- It complies with all relevant regulations, including NIST, HIPAA, and OnTrack.
- Automation of data erasure processes is possible. The detailed reports are uploaded securely to the cloud.
- BitRaser is fast, and you can erase up to 100 hard drives simultaneously.
- You don't have to renew your license every month. BitRaser offers a license with lifetime validity.
So, don’t dispose of your devices unsecured. Erase your data so it doesn’t end up in the wrong hands. The cost of a lawsuit linked to a data breach due to data disposal negligence can be crippling. Instead, adopt a robust data destruction strategy.
Get BitRaser Data Erasure software now.