Data Disposed
wiki Call Now: 877-4ENCRYPT (436-2797)
Twitter
 
Data Disposed
 

Disposing of devices that contain sensitive information requires planning and utilization of proper techniques. It is widely known that data stored on hard drives used by laptop and desktop computers can easily be recovered. These issues present themselves during computer migration where old computers are replaced with new computers. Old computers are often donated, sold to end users outside your organization, picked up by recycling companies, or simply left for the trash collectors to pick up. Sensitive data on these devices, in addition to USB memory sticks, USB drives, and server hard drives can easily be accessed by unauthorized individuals. Proper data disposal must be planned and executed.

File Level Disposal

File-level disposal software can be installed on laptop and desktop computers usually as part of a whole disk encryption package. When files are "deleted" using delete or "waste baskets" inside Microsoft Windows or Apple Mac OS the directory entry for that file is deleted, but the data still remains on the hard drive. It can be restored using off the shelf software widely available on the Internet and in data forensics tools. File level disposal is called file shredding. Rather than moving files to a wastebasket icon inside Windows or Mac OS, you move files to a special "shredder" icon, which permanently deletes the file by overwriting the data on the hard drive, thereby making it permanently unrecoverable. This typically applies to working computers and not ones that are being imminently replaced.

Hard Drive Disposal

There are several methods of disposing of hard drives:

  • Manually overwriting data on the hard drive with random data. This is done using data erasing software. However, this could be very time consuming if its necessary to erase many hard drives and may not be practical.
  • Degaussing is a performed by using an electronic device to apply a magnetic field in very close proximity to the storage media. The magnetic field randomizes the magnetic alignment of "magnetic domains" inside the storage media, thereby making the storage media unreadable. Degaussers should be tested by the National Security Agency to ensure the have been tested for maximum performance (NSA/CSS-EPL-9-12A-B). Degaussers are also subject to several risks, including magnetic remanence – data that is not erased due to operator or degausser error. Also, you will still need to properly dispose of the degaussed storage media.
  • Mechanical shredding or destruction of storage media is the most effective method of both disposing of storage media and ensuring that data is unrecoverable. Machines can either drill a hole into the media or literally shred the media using an industrial shredding system to completely destroy the media.
  • Electronic media must be disposed in accordance with NIST Special Publication 800-88, "Guidelines for Media Sanitation."

ExperiorData Solutions: Experior has the capabilities to destroy media using all three methods. The actual method used is determined on a case-by-case basis taking into account time and cost involved in the destruction of data.
 
Home|About|Encrypt OnDemand|Resources|Blog|Partners
Copyright 2008-2011 - Experior Data Security and Encryption - No parts of the content herein may be copied or reproduced without permission
www.experiordata.com

Read our white paper for healthcare on encryption and HIPAA.