Erase, encrypt, degauss and destroy – How to avoid single points of failure

Effective cybersecurity processes, including those involved in data destruction, are built around redundancy.

If there is one universal truth in the cybersecurity world, it is that organizations should never depend on a single point of failure. As businesses consider how they will destroy data stored on hard disk drives and solid state drives, they need to carefully analyze their processes and procedures to make sure they don't have weaknesses that make them vulnerable. The challenge for many companies, however, comes in identifying the best destruction methods. One vendor may suggest a software erase and shredding, while another points to incineration. There are a variety of options out there, but here are four of the most common and a look at when they make the most sense.

"Many products claiming to permanently erase data on a disk don't actually work."

1. Erase
Performing a simple software erase or disk reformat is a tricky proposition in most scenarios. The only time when erasing is truly appropriate for a business that must protect sensitive data is when the disk will be reused within the organization. 

With a thorough software erase or reformat, data can only be recovered by skilled technology experts who can use specialized software to obtain deleted data. Most hired would be vetted prior to signing on to work and would not have enough time left without any supervision to get to erased data. However, this isn't full proof, and insider threats are a real problem. Organizations that want to reuse any old hard disks need to understand all of the data the previous owner had access to and make sure none of that information would be dangerous in the hands of a malicious employee.

2. Encrypt
Like a software erase, encryption will protect data storage devices from many types of intrusion, but may not be adequate against data retrieval experts. A guide from Florida State University shows how users can use a combination of reformatting and encrypting data to scramble and obfuscate information to such a degree that, even should the encryption code break, data wouldn't be accessible.

Encryption is particularly useful for solid state drives, as the flash storage systems are impossible to simply delete data from. However, advice to encrypt data as a form of information destruction doesn't cover all potential attack vectors, and sill comes with points of failure.

3. Degaussing
Using a hard disk degausser is a key step to take for businesses that are serious about keeping data safe. A Security Intelligence report pointed out that many products claiming to permanently erase data on a disk don't actually work and leave some information accessible. Degausser's, on the other hand, can completely destroy data through a magnetic wipe that renders the storage device useless.

The vital consideration with degaussers is to ensure they are using a powerful enough magnetic signal to properly destroy the disk you are trying to erase. As hard drive technologies have evolved to create resilient, long-lasting hardware, the magnetic resistance of hard disks has increased. Older degaussers or similarly less powerful versions may not be able to handle proper deletion when dealing with hardier systems. One simple way to check on degausser strength is to look for certifications for compliance with regulatory bodies. These groups don't hand out those sorts of quality checks easily, and organizations that get regulatory approval must prove their solutions live up to industry demands.

4. Destruction
Destroying a hard drive or SSD requires a slightly different approach.

A hard disk will still retain data after it is shredded, drilled, hammered or otherwise destroyed. An SSD, on the other hand, can be shredded and have data rendered unusable.

Incinerating or melting drives down can also destroy data, but those sorts of strategies are even more specialized than degaussing. While they are viable in some situations, such as specialized data destruction organizations, most benefits would be better served keeping their destruction strategies as simple as possible. Nobody wants to worry about harmful chemicals flooding an office because the IT team is burning hard drives.

Proper data destruction depends on avoiding single points of failure.

Avoiding single points of failure
Effective data destruction hinges on preventing any weaknesses from emerging within the practice. In some cases, organizations can run into problems by using an inadequate destruction method based on the sensitivity of data they are using or storage media is resides on. However, those aren't the only issues that come up in electronics waste management. A few best practices organizations should always keep in mind are:

  • Maintain a chain of custody to ensure that storage devices are never lost, stolen or compromised in any way. It would be particularly deflating to go through a complex data destruction process only to find that a disgruntled employee managed to grab a couple of hard drives that were left out in the open and has sold secrets to a competitor.
  • Provide supervision for any third parties that are being brought in to destroy storage media for you.
  • Consider any chemicals, sound pollution or fumes that may emerge during disk destruction and plan processes accordingly.
  • Evaluate end-to-end destruction management to ensure there aren't any week points as drives are taken apart and scrapped for recycling.
  • Consider mixing-and-matching multiple data destruction methods to maximize security and minimize the potential for error.

Businesses can simplify the data destruction process through strategic investments in on-site hardware. Purchasing degaussers, for example, allows IT teams to immediately degauss hard disks after removing them from machines, making it much easier to avoid any problems within the chain of destruction. Used equipment can present a huge threat to any business, but effective data destruction processes can eliminate that risk entirely.

Proton Data Security: