Drive Destruction vs. Data Erasure: Which Data Disposal Method is Most Secure?

Oct 02, 2023 Blog Article

Drives that have been used in a highly protected and confidential information system will need to be retired eventually, even if the data on those drives gets transferred to another storage device.

In this situation, making stored data permanently inaccessible will be critical during the decommissioning process. How do you make sure your highly sensitive data is completely destroyed at end-of life? We take a look at physical destruction methods such as shredding and degaussing, as well as secure data erasure.

Vivian Cullipher Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s head of content, she oversees the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.

Decommissioning Drives with Confidential Data? Select the Right Data Disposal Method for Your Business

Drives that have been used in a highly protected and confidential information system will need to be retired at some point, even if the data on those drives gets transferred to another storage device. If you’re facing this situation, making stored data permanently inaccessible will be critical during the decommissioning process.

That’s because even if the once-valuable data is completely obsolete or trivial to your organization now, it can still offer a goldmine for hackers and black market data brokers.

Whatever the catalyst for drive disposal, an organization risks data leakage if data can be found or reconstructed from discarded storage devices. That could lead to heavy fines from regulators. It can breed lawsuits by those affected. There’s also the risk of financial loss and reputational damage.

Three Types of Sanitization: Which Data Destruction Method Is Right for You?

Blancco defines data sanitization as the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable—a definition in line with Gartner’s Hype Cycles. A device that has been sanitized has no usable residual data. Even with the assistance of advanced forensic tools, the data will not ever be recovered.

According to Gartner, there are three methods to achieve data sanitization: physical destructioncryptographic erasure, and data erasure.

We address the pros and cons of cryptographic erasure in our white paper, “The Crypto Erase Conundrum: What’s Your Organization’s Risk Tolerance?” But in an era where shredding drives and degaussing are often the “go to” methods of final drive destruction, how do you know the best sanitization method for your organization—and whether to choose between physical destruction or data erasure for your most sensitive information?

Determining How Much Data Protection You Need

If you’ve already determined that your data storage devices require the utmost in protection at end-of-life, feel free to jump to the end of the post for our recommendation on how to treat your storage devices at that time.

Otherwise, to determine how secure your data disposal processes need to be and whether to choose data erasure vs. physical destruction, consider the following:

Data Confidentiality and Impact

Data security rests on three fundamental objectives: Confidentiality, Integrity, and Availability. Among other places, these are outlined in the U.S. document, Federal Information Processing Standards (FIPS) Publication 199, “Standards for Security Categorization of Federal Information and Information Systems (PDF).” Created in response to the Federal Information Security Management Act (FISMA) of 2002, this publication from the National Institute of Standards and Technology (NIST) weighs each of these three attributes according to risk of impact (low, moderate, high) when determining the amount of data protection needed.

For instance:

When it comes to end-of-life data protection, Confidentiality is the chief concern. This is particularly true when unauthorized data exposure could cause great financial loss, brand damage or other harm if made available to the wrong people.

Persistence of Data Sensitivity

Will the sensitivity of your data quickly age out?

The NIST SP 800-88, Rev 1, “Media Sanitization Guidelines” recommend that, for disposition decision making, “it is important to understand what types of data may be stored on the device in order to apply the techniques that best balance efficiency and efficacy to maintain the confidentiality of the data.” Also, “the length of time the data will remain sensitive should also be considered.”

Just because the data is sensitive now, will its value diminish quickly enough that it will soon be worthless to nearly everyone?

Or will the information you need to protect still be considered high-risk or highly confidential for months or years to come?

This can be important to consider as data recovery techniques advance. More sophisticated data recovery tools and skills will also become more commonplace. These factors may also influence whether you want to meet or exceed bare minimum regulation requirements.

For data that will remain sensitive or valuable for some time, you’ll want to know that you’ve successfully removed all data from devices and device fragments for both now and in the future.

Drive Final Destination

When it comes to high-risk data storage, moving IT assets from a more securely protected data environment to a lesser one is risky.

Typically, even if the data on an old drive has been previously declared confidential, if it is to be reused within the same organization, the risk of data exposure to external parties is lower. Even so, the drive must be thoroughly sanitized in a way that protects the data while preserving the life of the drive.

This allows a drive previously used by say, the finance department, to be redistributed to a different department without fear of employee salaries and bank account information being exposed internally.

However, once drives leave the organization, the organization is no longer in control of any potential data access. Any residual data may be exposed long after the organization has relinquished it to other owners.

Determination and Capabilities of Your Adversary

The truth is, any of the three data sanitization procedures—data erasure, cryptographic erasure, physical destruction—can provide adequate data protection for most needs for most organizations if executed properly from the beginning to the end of the process.

Costs, environmental impact, and the ability to reuse your devices will differ, of course. But for any enterprise especially concerned about protecting data at end-of-life, trouble occurs when any of these data disposal methods are executed incorrectly.

At that point, data sanitization remains incomplete, and data is still recoverable by someone with adequate know how and the right tools.

The value of your data, how much of a target your organization’s data may be and the capabilities of those who would benefit from your data must also be considered as you weigh your risk and choose your data disposal methods.

Subversive data access methods can be divided into two primary categories:

  1. A more basic approach (“ordinary means” according to NIST) that allows keyboard access via a standard hardware interface or
  2. A more advanced approach (“extraordinary means”) that uses forensic or laboratory techniques.

With the most notorious data access crimes committed by well-funded teams of malicious actors (rogue nation states, crime syndicates, etc.), advanced data recovery using extraordinary means can be a very real possibility if your data is valuable.

A Look at Physical Destruction

So how do you ensure that your highly sensitive data is undoubtedly, permanently, and completely protected from the moment of device decommissioning?

The answer: Use a combination of physical destruction and secure data erasure for end-of-life drives that have stored your most confidential, high-risk data—but only if sustainable reuse truly isn’t an option.

Over a third (35 percent) of organizations physically destroy end-of-life IT equipment because they believe it is “better for the environment.” But is it? Technology Recycling vs. Reuse

Effective and Ineffective Physical Destruction

Physical destruction is a valid data disposal option. It can sometimes be the only option for damaged drives and devices. But it’s unnervingly easy to take missteps that can put your data at risk.

“IEEE 2883 also obsoletes the shred and pulverize methods of the Destruct sanitization method. Strong warnings are added for using degaussing method of Destruct.”

SNIA Storage Security Summit 2022: IEEE 2883 – Sanitization of Storage

Other Physical Destruction Risks

Whatever physical destruction method chosen, there are still other risks, even if the correct data disposal processes are followed precisely for each drive type.

For instance, in any physical destruction scenario, unless you have rock-solid chain of custody measures in place, you introduce risk of loss or theft simply by giving a third-party data destruction service access to your devices. Whether destruction is conducted at your facility with mobile shredders or degaussers or transported to an IT asset disposal (ITAD) facility for ultimate physical destruction, there’s risk in relying on this method alone since there are many points of vulnerability.

In its Assured Service (Sanitisation) scheme (CAS-S), a scheme offered for companies wishing to provide sanitization services to owners of highly classified government data, the U.K.’s National Cyber Security Center cautions its agencies to ensure adequate protections along each aspect of the data destruction process. One way to do this is to carefully vet the vendors providing drive destruction services, from ensuring secure transit of drives, checking for adequate staff clearance, providing a clear audit trail of each device from receipt through sanitization and to disposal, ensuring that all equipment is in good working order and ensuring all staff is well trained in the correct drive destruction and verification processes.

Applying these practices when looking for a data destruction vendor will help ensure that you’ve minimized the chances of data being susceptible to breach and provided assurances that you are working with a reputable vendor that is highly expert in protecting your data.

Combining Physical Destruction with Secure Data Erasure

Physically destroying hard drives, computers, mobile devices, and other storage devices is viscerally satisfying.

While data erasure has been proven both secure and effective, fully able to completely eliminate data without destroying the device itself, there’s something reassuring about seeing drives mangled beyond recognition.

However, because subpar physical destruction processes can leave data vulnerable, it’s still wise to first perform secure and complete data erasure on any device used for confidential data—even if you intend to shred, pulverize, or recycle the drive or device rather than reuse it.

Because subpar physical destruction processes can leave data vulnerable, it’s still wise to first perform secure and complete data erasure on any device used for confidential data.

Even so, after devices have been erased, reuse is a real option. But the choice is yours: with erasure, you can safely reuse or destroy storage assets without fearing human error, unintentional loss, or deliberate hacking.

Also, because software-based data sanitization can be launched immediately, across thousands of devices at a time, and even remotely, you can use it to protect your data right at decommissioning for even large-scale projects.

This reinforces your chain of custody and shields your sensitive information throughout any transit or storage time. The data is simply no longer accessible by anyone.

Removing confidential data through software-based data erasure can happen in live environments or be applied to hundreds or even thousands of drives onsite.

One caution:

At an industry level, there are also faulty implementations of “wiping” data from hard drives: Overwriting may not reach all sectors (they may be hidden or damaged) or manufacturers’ built-in sanitization processes may not be implemented correctly.

Lesser attempts at removing data, such as reformatting or simply deleting files, are completely inappropriate for even slightly sensitive data since data is recovered fairly easily.

Just as care should be taken when selecting a drive destruction provider, it’s important to choose your data erasure solution carefully, and insist on both erasure verification and an audit-ready, tamper-proof report.

Blancco data erasure software has been tested, certified, approved, and recommended by 14+ governing bodies around the world. Our data erasure software erases to 25+ standards and provides certificates of erasure to meet security and regulatory compliance requirements. And, our patented SSD solution handles functionality differences across a myriad of SSD vendors.

So What is the Most Effective Method of Data Disposal?

We are confident that Blancco data erasure solutions can provide all you need for permanent, secure data sanitization and render your data completely unrecoverable.

And, because the drive or device remains physically intact, Blancco data erasure gives you the ability to redeploy your data storage assets and operate more sustainably without fear of data leakage at any time.

However, if your organization mandates or prefers physically destroying your old data storage devices, weigh your destruction methods and vendor options carefully. Then, use the points in this article to advocate adding data erasure as an extra layer of protection against future data access.

Originally published October 31, 2019. Amended and updated October 1, 2023, with additional information from NIST and the new IEEE 2883-2022 sanitization standard.

You may be interested in: