Tuesday, May 1, 2007

Erasing drives: This drive will self destruct in 1...2...3...

Drive wiping techniques are a frequent point of discussion in the information security community. Most IT staffers know about DBAN and there are plenty of both freeware and commercial tools out there.

If you need something different - either because the drive isn't in a system, or you want to centralize it, there are dedicated drive wiping systems like Ensconce's Digital Shredder . On the other end of the drive wiping spectrum are degaussers like these which are great for wiping drives that are no longer working, but still contain data, or for drives that you don't have interfaces for for your wiping system.

Yes, sometimes somebody shows up with a pile of Fiber Channel drives, or a Bernoulli disk, or some other for of media that you don't have a handy USB adapter for.

You can also have your drives physically destroyed - shredding and destruction companies will do this and will provide a receipt to demonstrate that they've been properly destroyed.

And then there's the drive that Ensconce Data Technology is promising. Sign me up for a self destructing hard drive!

How do you choose what is appropriate for your organization? As always, ask questions.

  1. Do you have to follow any legal or statutory requirements? If so, make sure your strategy satisfies them.
  2. Do you have internal policy requirements? If not, why don't you?
  3. What are the security requirements of your data? Check your data handling guidelines.
  4. What would exposed data cost your organization? Data recovery tools are available, and are easy enough to use that even those without significant technical knowledge can recover data from a drive if it hasn't been securely wiped.
With these answers in hand, you should be able to create policy - if you don't already have it, then create procedures and select appropriate technologies to support them.

No comments: