Choosing the Right Data Destruction Program

As one of the last steps in any data security program, data destruction is an important part of managing IT assets and the sensitive information they contain. A method is typically selected based on the time, cost, and auditability of each specific process. The following three methods are the most common ways of performing data sanitization.

Data overwriting, often called erasure or wiping, refers to the process of using specialized software to write meaningless data onto drives or devices. This is usually done in large batches where many drives are wiped simultaneously. Overwriting is best for devices that can be reused; damaged drives cannot be cleared this way since the process depends on the hardware. Wiping can be time consuming for larger hard disk storage capacities and requires a quality control check, but it allows certificates of destruction to automatically account for each individual storage device, and the devices can be reused or resold to recover value.

Degaussing is a form of data destruction that uses high-powered magnets to disrupt the magnetic storage medium used in hard disk drives. This quickly destroys the data, but it also makes the drive inoperable, so it is impossible to verify that the data is destroyed without sophisticated and expensive techniques. Drives are generally recycled by shredding following this method of erasure, which makes it an added cost to standard data destruction. Degaussing is also only effective for magnetic media, so it will not work on solid state drives or optical storage like CDs.

Physical destruction typically involves shredding devices, but it can include any method that makes the storage media unusable, such as crushing and drilling. Shredding is the most suitable data destruction method when devices cannot be reused. It can also be fast, inexpensive, and effective for a wide range of storage devices including hard disk and solid state drives, data tapes, optical drives, and electronics.

Besides choosing the data sanitization process for your equipment, it is also important to choose whether the destruction will take place onsite or at the vendor’s facility. Onsite destruction is more suitable for smaller quantities, while larger quantities can be transported with GPS tracking and witnessed or video recorded at the vendor’s facility to satisfy regulatory requirements. Another regulatory question is whether you will require serial numbers for each device on the certificate of destruction for auditing.

By working with a certified data destruction vendor and answering these questions, you can ensure that every step of your data security program is prepared and effective.