Sean Steele, one of the principal security consultants at infoLock Technologies, wrote to tell me about a new tool his company now recommends to customers that need to decommission hard drives. I looked at his recommendation, and it looks like a good solution for any company that wants to securely remove all data from hard disks before reusing or disposing of them. (This should be every company, big or small.)

Every PC eventually is removed from service, and often there is sensitive data on the hard drive. Whether that PC is recycled, resold or left to collect dust in a closet, someone should take the time to clean the private information off the hard drive before it becomes the next source of headline news.

As Sean pointed out to me, there are several popular methods that companies use to remove data from hard drives:

1. Delete the data using an OS utility.
2. Triple overwrite the data using a software tool.
3. Degauss using a degaussing process or service.
4. Physically destroy the drive.

There are drawbacks to these methods. Deleting data with the OS only removes pointers to the data, not the data itself, so the data can actually be recovered fairly easily. Triple overwriting doesn’t destroy the data beyond forensic recovery, and it can be very time consuming. Degaussing devices can be bulky, expensive and dangerous (and you still can’t verify that the data is unreadable). Destroying the drive with a shredder prevents you from reusing the drive, and creates hazardous waste issues.

Another popular tactic is to outsource data decommissioning to third party services. While this may be a convenient option, it means you have lost care, custody and control of your data, which may be against federal regulations. While you may have a legal contract in place with your service provider, you have no practical way to verify that your sensitive data has been destroyed.

The solution Sean now recommends to his customers is an appliance called the Digital Shredder from Ensconce Data Technology. The Digital Shredder appliance doesn’t destroy the drive as the name “shredder” suggests. Instead, it uses a little known feature called Secure Erase that is quietly built into the two most common disk drive interface standards, ATA (also known as IDE) and SATA.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.