Forcing data to die: Decommissioning hard disks the easy way

* Digital Shredder, a tool for decommissioning hard drives

Sean Steele, one of the principal security consultants at infoLock Technologies, wrote to tell me about a new tool his company now recommends to customers that need to decommission hard drives. I looked at his recommendation, and it looks like a good solution for any company that wants to securely remove all data from hard disks before reusing or disposing of them. (This should be every company, big or small.)

Every PC eventually is removed from service, and often there is sensitive data on the hard drive. Whether that PC is recycled, resold or left to collect dust in a closet, someone should take the time to clean the private information off the hard drive before it becomes the next source of headline news.

As Sean pointed out to me, there are several popular methods that companies use to remove data from hard drives:

1. Delete the data using an OS utility.Degauss using a degaussing process or service.

2. Triple overwrite the data using a software tool.


4. Physically destroy the drive.

There are drawbacks to these methods. Deleting data with the OS only removes pointers to the data, not the data itself, so the data can actually be recovered fairly easily. Triple overwriting doesn’t destroy the data beyond forensic recovery, and it can be very time consuming. Degaussing devices can be bulky, expensive and dangerous (and you still can’t verify that the data is unreadable). Destroying the drive with a shredder prevents you from reusing the drive, and creates hazardous waste issues.

Another popular tactic is to outsource data decommissioning to third party services. While this may be a convenient option, it means you have lost care, custody and control of your data, which may be against federal regulations. While you may have a legal contract in place with your service provider, you have no practical way to verify that your sensitive data has been destroyed.

The solution Sean now recommends to his customers is an appliance called the Digital Shredder from Ensconce Data Technology. The Digital Shredder appliance doesn’t destroy the drive as the name “shredder” suggests. Instead, it uses a little known feature called Secure Erase that is quietly built into the two most common disk drive interface standards, ATA (also known as IDE) and SATA.

Secure Erase is an internal data erasure command that is faster and more secure than software "block overwrite" methods. For more technical information about Secure Erase, read this document by Dr. Gordon Hughes, Associate Director of the University of California San Diego Center for Magnetic Recording Research (CMRR). Another good explanation of the Secure Erase function is in this September 2004 newsletter published by CMRR.

Because of the potential to literally destroy all data on a hard drive, OS and PC manufacturers have blocked the Secure Erase feature through the OS or the BIOS. (We wouldn’t want hackers writing Windows code to surreptitiously invoke the Secure Erase command, would we?) However, Ensconce Data Technology has built an effective decommissioning product around the Secure Erase command. Here’s how it works.

You insert a hard drive into a bay of the Digital Shredder appliance, lock the bay, and start the Secure Erase process. Once it begins, it cannot be interrupted. About 30 minutes later (depending on the size of the drive) you have a fully reusable but completely clean hard disk. For audit purposes, the appliance even prints out a label with tracking information like the serial number of the disk, when it was erased, and what process was used.

The Digital Shredder has several bays that can accommodate virtually any kind of hard disk connector. There are no cables or connectors to mess with; the drives just plug right in. It’s also possible to clean and re-image a disk during the same process, so you can reuse the drive in another PC right away.

Watch this short demonstration to get a better idea of how the Digital Shredder works.

Sean and his colleagues at infoLock Technologies are pretty excited about their find. They say the appliance is easy to use and cost efficient. It allows a company to safely clean disks in-house and feel confident that private data isn’t going to get into the wrong hands when the PC gets sold on eBay or donated to a charity.

Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022