How to Wipe a Hard Drive Completely: Erase it!

Aug 08, 2017 Technical Article

There are many reasons why organizations need to wipe hard disk drives. Whether you want to repurpose the drives, resell them, or completely remove the data before you physically destroy them, complete data removal is key to achieving data sanitization.

“The need to remove old data from storage devices is not a new idea. The industry has come up with many terms to describe this: data deletion, secure data removal, data shredding, data wiping, data overwriting, data erasure, data clearing, and data destruction.

Only one of these terms has a rigorous definition, though: data sanitization.”

“New IEEE Media Sanitization Specification Enables Circular Economy for Storage.” IEEE Computer Magazine, vol. 56, Jan 2023

How to (Really) Sanitize a Hard Drive Using Data Erasure

  1. Back up anything you want to keep. When the hard drive erasure is complete, there will be no way to get anything on the drive back.
  2. Choose a specific data erasure standard based on your industry and organization’s unique needs.
  3. Perform the data erasure according to the software’s instructions.
  4. The data erasure software will verify the overwriting methodology has been successful and that data has been removed across the entire device.
  5. The data erasure software will produce a tamper-proof certificate containing information that the erasure has been successful and written to all sectors of the device, along with data about the drive and erasure standard used.

After following these steps, you can feel confident that the data is gone for good, and you’ve achieved permanent and compliant data sanitization.

Why is this the case?

You may already know that deleting data doesn’t completely remove that data; it only “hides” the data on a storage device. Until the data has been overwritten, it remains easily recoverable. Not only does this leave your organization vulnerable to unauthorized data access, it also leaves you at risk of regulatory fines and penalties.

So, if deleting isn’t how you completely remove data, you should wipe that data instead, right?

Wrong.

Data wiping doesn’t achieve true data sanitization because it doesn’t include verification that the data is gone. To truly achieve data sanitization of drives, you must invest in software-based data erasure, physical destruction, or verified cryptographic erasure.

Data Wiping vs. Data Erasure

The term data wiping is often used interchangeably with data erasure; however, there are core differences. 

Data Destruction ActivityRequired for Data Sanitization?Data DeletingData WipingData Erasure
Overwriting data YesNoYesYes
Use of an industry-recognized overwriting standardYesNoNoYes
Execution across all sectors of a driveYesNoNoYes
Verification of data overwriteYesNoNoYes
Audit-worthy report identifying drive, standard used, date of erasure, and other detailsYesNoNoYes
Only data erasure fulfills all requirements for software-based sanitizing data from hard drive sanitization.

Data wiping is the software-based method of overwriting data without verification that the software was successful in overwriting to all sectors of the storage device. It does not produce a certified report that can stand up to an industry or third-party audit.

Unlike data erasure, data wiping does not follow any erasure standards and does not offer any proof that the data is unrecoverable. Therefore, this method is not considered an approved method for data sanitization.

What is Data Erasure?

Data erasure is the software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, verifying the data has been erased, and certifying that erasure with an erasure report, the data is rendered unrecoverable and achieves data sanitization.

Blancco Drive Eraser sanitizes to IEEE 2883 and NIST 800-88.

Get Your Free Trial