Every business needs a standardized process for media destruction. Many managers assume that secure erasure software offers a cost-effective means of protecting sensitive data — and for individual files, that’s mostly true. Software can overwrite data on a bit level, permanently preventing data recovery.
But while secure file deletion software certainly plays an important role in data security, physical media destruction is less expensive and much more reliable. Relying on erasure software carries significant risks, and overlooking these risks can compromise your business’s media security plan.
When determining how to safely dispose of sensitive data, keep the following factors in mind:
• Speed – Data deletion software works by overwriting files multiple times, often using random patterns to ensure compliance with various erasure standards. The Schneier data sanitization method, for instance, requires seven passes.
While this is a secure approach, it’s expensive and time-consuming. The pass speed is limited by the read/write speed of the device. For older hard drives, secure erasure could take hours. For comparison, commercial hard drive destroyers can crush a hard drive in less than a minute, permanently destroying the magnetic platters that store data (along with the read/write heads, drive-specific printed circuit boards, and other crucial components needed for data recovery).
• Security – Secure erasure requires functional media, well-trained staff, and plenty of hardware. If the software isn’t used correctly or if the media isn’t functional, it creates a liability — a well-equipped data recovery laboratory could likely restore the data with enough time and effort. Many newer data sanitization standards specifically require media destruction for this reason; technology may improve, but when the media is physically demolished, data recovery is absolutely impossible.
• Reporting – To comply with reporting standards, businesses need to verify each erasure and keep accurate logs. This can require significant manpower and technical skill.
Physical media destruction is often easier to document. A business can simply scan the bar code of the device in question, destroy the media using a compliant device, and move on to the next storage device.
Put simply, secure deletion software is impractical at scale. Businesses that regularly deal with sensitive data should have both physical and logical methods for handling hard drives, solid-state drives, removable media, and other storage devices.
The good news is that media destruction can be a safe, straightforward, and dependable process. Degaussing (which eliminates magnetic data instantly and permanently) is an effective option, though degaussing must be performed by qualified professionals. Media must be oriented correctly on the degaussing equipment, and ideally, the media should be checked after degaussing to confirm data destruction. Shredding devices can also permanently eliminate the magnetic material that stores the data. For larger data sanitization projects, these physical procedures are far more secure (and affordable) than software-based methods.