Is a Low Level Format Enough to Guarantee Data Sanitization?

Historically, many organizations have used various forms of formatting (low level format, deep format, full format, etc.) as their process for removing data during asset decommissioning. This has resulted in both process inefficiencies and severe data breaches.

Formatting can go by many names, such as low level format, deep format or full format. This summary will outline why none of these formatting options can be the foundation of a secure decommissioning process.

Note that you will also find several OEM alternatives to formatting that are referred to as “erasure.” These methods also have limitations and do not meet the guidelines for true data erasure, which features a chosen erasure standard, verification and certification.

Issues that Arise with Formatting

  • It is often unknown whether the Windows format has detected the disk size correctly. This is especially true if the disk has HPA (Host Protected Area) or DCO (Device Configuration Overlay) areas. In these cases, it is likely that only part of the disk gets overwritten.
  • There is no verification with a format, so if something goes wrong with the process, there is no way to know it. For example, an operator may choose a quick format instead of a deep format based on misunderstandings or time pressure. Another common issue? Interruptions. When you process more than one computer, it’s likely that one or more of the machines will turn off from loss of power or being accidentally unplugged at some point.
  • With proper erasure software, the (digitally signed) erasure report creates an audit trail. With it, organizations can show that they have done their part in safekeeping data correctly. A format does not provide this type of auditable verification.
  • Many modern computers come with solid-state drives (SSDs), and to safely overwrite those, a special SSD overwriting method is needed. SSDs have overprovisioned areas which will be untouched if formatting is used as a data destruction method.
  • Formatting does not identify bad sectors on hard drives, opening a potential security risk. When organizations use software-based data erasure (overwriting), they can determine how many of their hard drives have been erased successfully—and which of these erased drives contain bad sectors. Those with bad sectors are typically sent for physical destruction to avoid potential security risks.
  • Formatting can be very time-consuming. It is not a process that you can easily scale and run automatically in a production flow. Additionally, if you are formatting servers or desktops with more than one drive, these drives cannot be processed in parallel.
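
The verification step that a format lacks can be sketched as a read-back pass. The following is an added example, not part of the original brief and not code from any erasure product. It assumes the wipe pattern is all zeros, and the function names and the `expected_bytes` parameter are hypothetical. It flags regions left untouched by an interrupted run and capacity the OS cannot see (a possible HPA/DCO area). A read-back through the host interface cannot reach SSD overprovisioned areas.

```python
import os
import tempfile


def verify_zeroed(path, expected_bytes=None, chunk=1 << 20):
    """Read the target back and report what was NOT overwritten with zeros.

    expected_bytes (assumption): the capacity the drive should have, e.g. from
    its label. If the OS sees less, the difference may be an HPA/DCO area.
    """
    dirty = []                       # merged [start, end) ranges holding non-zero data
    zero = bytes(chunk)
    with open(path, "rb") as dev:
        visible = dev.seek(0, os.SEEK_END)    # works for image files and block devices
        dev.seek(0)
        offset = 0
        while offset < visible:
            block = dev.read(min(chunk, visible - offset))
            if not block:                     # short read: stop, verified < visible
                break
            if block != zero[:len(block)]:
                end = offset + len(block)
                if dirty and dirty[-1][1] == offset:
                    dirty[-1][1] = end        # extend the previous dirty range
                else:
                    dirty.append([offset, end])
            offset += len(block)
    hidden = max(0, (expected_bytes or visible) - visible)
    return {
        "visible_bytes": visible,
        "verified_bytes": offset,
        "dirty_ranges": [tuple(r) for r in dirty],
        "hidden_bytes": hidden,
        "passed": not dirty and hidden == 0 and offset == visible,
    }


def make_interrupted_image(path, total, wiped):
    """Constructed sample: a 'drive' whose wipe stopped after `wiped` bytes."""
    with open(path, "wb") as img:
        img.write(bytes(wiped))                 # the part that was overwritten
        img.write(b"\xa5" * (total - wiped))    # leftover user data


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        make_interrupted_image(image, total=64 * 4096, wiped=40 * 4096)
        print(verify_zeroed(image, expected_bytes=80 * 4096, chunk=4096))
```

The returned dictionary is the raw material for an audit record. A drive with any dirty range or hidden capacity fails and should be reprocessed or escalated.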
