Understanding Hard Disk Drive Destruction and How to Choose the Best Device for your Organization
Computer hard disk drives, whether external or internal, store copious amounts of information. A hard drive can contain thousands of harmless files or thousands of not-so-harmless files that contain credit-card numbers, passwords, financial records, medical information, trade secrets and other sensitive information. Therefore, the proper disposal of hard disk drives is a risk management task that must be taken seriously for all organizations but particularly for government agencies, contractors for government agencies, healthcare providers and financial institutions. While sanitization protocols can be highly effective at erasing data, there are instances where the physical destruction of the drive may be necessary or required in addition to sanitization.
This Buyerís Guide will explore methods used to physically destroy hard disk drives
and the devices that are available so you can make the right choice.
What Is Hard Disk Drive Destruction?
Hard disk drive destruction is the act of destroying a hard disk drive to render the stored data unreadable. There are right ways of destroying hard disk drives and wrong ways. Common methods of destroying storage mediums include mangling, crushing, disintegration, melting, and degaussing.
When Is HDD and SSD Destruction Necessary?
This is the million-dollar question. Data-recovery methods are becoming more sophisticated every day, and computer forensics experts are commonly retained by government and private organizations involved in intellectual property theft, industrial espionage, employment disputes, fraud investigations, forgeries, etc. However, no one should assume that computer forensics experts are the only ones who have such powerful techniques and know-how. Hackers and data thieves on local and global levels are on the lookout for hard drives that are not properly wiped or destroyed.
Depending on your business and industry, there can be strict regulations for hard drive wiping. Some of the U.S. regulations that companies must consider include NIS standards, DoD regulations, HIPAA, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, FACTA Disposal Rule, Bank Secrecy Act, and the Patriot Act of 2002. The rules can be overwhelming. For instance, agencies or private companies that store any data related to the DoD (Department of Defense), ITAR (International Traffic in Arms Regulations), financial, or medical transactions must adhere to extremely ridged regulations for IT disposal and destruction. Companies, even individuals, can face criminal prosecution if some of these regulations are not adhered to. In the U.S., there are thousands of small businesses involved in the Small Business Innovation Research (SBIR) program that may not fully understand the repercussions of improper hard drive disposal, and each government entity has its own rules, which makes compliance difficult to navigate.
Is Hard Disk Drive Sanitization Enough?
Many hard disk drive duplicators include some form of sanitization
functions that overwrite data with random characters that render the information unreadable. Current overwrite protocols, such as Secure Erase, 1-pass, 3-pass, 3-pass with verify, DoD 7-pass, meet or exceed the majority of government agency regulations. However, physical destruction following one or more of these sanitization protocols can be an effective, 2-step process that adds an extra layer of protection. Purchasing a machine that physically destroys or mangles a hard disk drive can be a cost-effective solution, particularly for small to medium size organizations that do not have the resources of larger organizations.
Types of HDD Destruction Devices
Hard disk drives are complex devices. Simply taking a hammer and smashing a disk, nuking it in the microwave or some other creative destruction technique may make you feel confident that the data is unreadable, but it is simply not true, nor are these accepted methods by agencies that require hard disk drive destruction. Most experts consider responsible hard disk drive destruction as the following:
- Degaussing: Degaussing is a term often referred to in data wiping. This method wipes data from a hard disk drive by passing it through magnetic fields or electromechanical pulses that erase data from disks in an enclosed chamber. Degaussing a hard disk drive can be effective; however, not always a fool proof method as the de-magnetizing process may not reach all parts of or every platter, therefore a 2-step destruction process is highly recommended. Degaussing chambers are costly and often require special training, making it impractical for small or medium size companies.
- Shredding: Similar to an office paper shredder that rips paper into shreds, HDD shredders use powerful blades that shred hard drives into tiny strips, typically 1.5Ē or smaller, that are nearly impossible to piece back together. While these machines can destroy multiple types and sizes of drives from one at a time to several thousand at a time, they are often heavy, bulky and almost always require special dedicated ac power circuits such as 3-phase 220 volt to operate. Depending on the model, shredders can destroy HDDs, smart phones, PDAs, electronic organizers, and other data-storage devices. Definitely not for an office environment.
- Disintegration: Typically used in organizations that work with highly classified information, disintegrators use a conveyor system and rotary knife mill that slices hard drives into unrecognizable particles that are very difficult to piece back together. Although highly effective, disintegrators are also heavy, bulky and require special dedicated ac power circuits such as 3-phase 220 volt to operate. They can also require ventilation to the outside of the building that will most likely be regulated by federal, state and/or local authorities. The same as shredders, this is definitely not for an office environment.
- Mangling/Crushing: This method is considered one of the most cost-effective for smaller to mid-size companies without the resources to buy or lease expensive degaussing or shredding equipment. Manglers/crushers destroy hard disk drives by applying immense force on the drives to crush the chassis and mangle the platter making the hard disk drive virtually unreadable. These devices can be purchased as manually powered or electrically powered. Manually-powered devices use a hydraulically-operated handle to engage a powerful steel plate that crushes the drive and chassis. Some crushers can load one or two at a time, depending on your organizationís needs and require little training to operate. Electrically-powered hard drive crushers can be more expensive and may require some maintenance, and require less physical interaction. Both types typically come in a fully enclosed casing and include chambers for safe operation, and sizes can be small enough to fit on a desktop.
In-house Destruction Vs. Outsourcing
Many organizations choose to outsource hard drive destruction, and there are many companies that offer these services. Outsourcing can be convenient, especially for small companies; however, there are important considerations to take into account. When storage mediums are taken off-site, what happens to them is out of your control. Always do your research when choosing an off-site service and verify how securely the transport vehicle is, how thoroughly employees are screened, whether the facility is monitored 24/7 and of course what type of destruction methods they use. Also make sure that the service you choose offers a certificate of destruction, but keep in mind that this may not absolve you from potential legal liabilities.
Choosing Whatís Right for You
Deciding on the most practical and safest storage medium destruction device ultimately comes down on your organizationís purging needs. While all companies should establish a set of guidelines on safe data destruction, some companies must adhere to stricter rules and be willing to invest in the equipment needed to meet those rules. No one option may fit your needs but for small to medium size companies where budgets have to be reconciled, a 2-step process that includes sanitization
and crushing/mangling is an affordable and effective option.
Aleratecís HDD Drive Demolisher (P/N 240212)
Aleratecís HDD Drive Demolisher is an affordable solution for small to medium sizes businesses seeking to destroy hard disk drives. Up to 4 tons of force is applied to the chassis to deform magnetic platters in less than one minute with no electrical power or physical strength required. Aleratecís HDD Drive Demolisher is compact enough to fit on a table or desktop and includes a safety-re-enforced chamber for easy removal of destroyed hard drives and debris.