Did you know? Hitting delete doesn’t actually erase a file from a hard drive, nor does emptying your recycle bin destroy the information in it. Formatting a drive doesn’t (always) do it either. So how do you make sure that your drives are actually erased?
Unfortunately, not all hard drives are created equal; SSDs in particular pose a unique challenge in data erasure, and currently there is no standard method for securely deleting data from Solid State devices. HDDs, however, are generally far easier to sanitize.
In order to understand how to properly deal with your storage assets, and implement sufficient enterprise data security procedures, it’s important to first understand generally how they work. Our previous article on storage devices should help with that, if needed.
Enterprise Data Security Best Practices
The methodology behind your enterprise data security procedure will be the single greatest defense against malicious data collection once your hard drives are disposed of, destroyed, or recycled. We’ve outlined some of the best practices below:
Methods for Data Erasure
Especially in the case of SSDs, no one method is guaranteed to erase data completely every time; every method comes with some risks. That’s why it’s important to include multiple methods in your data security policy. Here are common approaches to enterprise data erasure:
1.) Firmware
ATA Secure Erase is the most common of these: a program built into your hard drive that allows you to overwrite the drive via firmware commands. Most HDDs from 2001 and on have this command set. Experts agree that a single zero-pass overwrite is sufficient to remove data from modern hard drives, especially since the integration of the verify pass, which confirms that all data has been sanitized (older hardware will need more than one pass, and you’ll need to verify for yourself that the data has been sanitized). Keep in mind that this will completely wipe your drive, so if you only want to purge certain files, software methods will be more helpful to you.
ATA Secure Erase is available on some SSDs as well, but it is not as reliable there and has proven buggy under testing. Use this method with caution, and always make sure you can verify whether it has been successful.
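One way to run your own verify pass after a zero-pass overwrite and keep a checkable record of the result, as an added example that is not part of the original article or any tool it names. The function names, the asset ID, the HMAC key and the sample images are all constructed for illustration; the HMAC makes the report tamper-evident only if the key is kept away from whoever could edit the report.

```python
import hashlib, hmac, json, os, tempfile

def scan_for_residue(path, chunk=1 << 20):
    """Return (bytes_confirmed_zero, first_nonzero_offset or None)."""
    offset = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk)
            if not block:  # end of device/image: every byte read was zero
                return offset, None
            if block.count(0) != len(block):  # data survived the zero pass
                first = offset + len(block) - len(block.lstrip(b"\x00"))
                return first, first
            offset += len(block)

def tag_record(record, key):
    """HMAC-SHA256 over the record's fields, excluding the tag itself."""
    body = {k: v for k, v in record.items() if k != "hmac_sha256"}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def erase_report(path, asset_id, key):
    """Scan the target and return an authenticated verification record."""
    confirmed, residue = scan_for_residue(path)
    record = {"asset_id": asset_id, "bytes_confirmed_zero": confirmed,
              "first_nonzero_offset": residue, "verified": residue is None}
    record["hmac_sha256"] = tag_record(record, key)
    return record

def report_is_authentic(record, key):
    """True only if the record is unchanged since it was tagged with key."""
    return hmac.compare_digest(record.get("hmac_sha256", ""), tag_record(record, key))

def make_sample_image(size, residue_at=None):
    """Constructed input: zero-filled file, optionally with leftover bytes."""
    data = bytearray(size)
    if residue_at is not None:
        data[residue_at:residue_at + 4] = b"DATA"
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: real key is held by the auditor
    for residue_at in (None, 2_500_000):
        img = make_sample_image(3 << 20, residue_at)
        print(json.dumps(erase_report(img, "ASSET-EXAMPLE-001", key)))
        os.remove(img)
```

On a real drive, pass the block device path instead of an image file and run with read privileges. A clean read covers only the sectors the drive exposes to the host, so on an SSD it says nothing about spare or remapped flash.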
2.) Software
You can also utilize downloadable programs to sanitize your storage device. Different software will allow you to either wipe individual files, wipe multiple drives, or even give you the option to preserve or remove an operating system from your drive. Keep in mind that, should you choose to keep your OS, you might be unable to wipe data from applications that the OS is using at the time of the wipe.
Some of the most common free programs for HDDs are:
- DBAN – a Linux-based program. Can be run off a disk to delete OS.
- Disk Wipe – Windows App, cannot delete OS, can only be used on drives that are Windows formatted.
- KillDisk – a versatile, customizable program that also can wipe virtual drives.
- BleachBit – File shredding and disk wiping program
Manufacturer-specific utility applications for SSDs also exist, such as:
- Samsung Magician Software
- SanDisk SSD Toolbox
- Intel Solid State Toolbox
- Corsair SSD Toolbox
- OCZ Toolbox
Keep in mind that these also are not foolproof for SSDs and should be combined with one or more of the other methods below.
Finally, there are software programs that erase both HDD and SSD data, such as White Canyon’s Wipe Drive 9.
3.) Cryptographic Erasure
In a world where locating data can be just as challenging as removing it, cryptographic erasure seeks to secure data by encrypting it, and then simply throwing away the key. Put something in a box that can never be opened, and, theoretically, it may as well be erased.
Some free sources for cryptographic erasure include:
- SanDisk Crypto Erase Tool (some drives will come with self-encryption tools)
- VeraCrypt
- CryptainerLE
This method can be a very practical solution for data that is hard to physically locate, such as on an SSD, or in the cloud. But there are some further security risks associated with this type of “erasure.”
The first and most obvious risk is that this method still leaves all of your data on the device. Encryption is secure, but it can have a shelf life, and as cryptography advances, algorithms that were once thought to be secure may become vulnerable.
Secondly, encryption is rarely perfect. Should something go wrong in implementation, then all of your data on that drive is at risk.
Finally, it can be difficult to verify that the process has been completed and, if so, that it was successful. If you decide on this method, you’ll need to find an implementation that has a tamper-proof report of success. Make sure your enterprise data security policy has provability at its core.
4.) Third Party providers
Third-party providers are also available to employ enterprise data security software, with their own methods of sanitization. Should you choose to go through a third-party provider, you will need to ensure that the sanitization they provide is provable and verifiable, and that they can implement a multi-pass, multi-method approach to your data security.
Some notable third-party enterprise data erasure companies are:
You will want to investigate if the company is prepared to erase or destroy SSD drives, and not just HDD drives. SSDs require chip destruction, and not all traditional destruction methods will accommodate this.
5.) Physical destruction
When your drives reach the end of their life, or if the information on them is too sensitive to entrust to just data erasure, physical destruction is the way to go. You could do this yourself, or outsource it. Just make sure you also wipe the drive before physically destroying it, since there could still be recoverable information on your drives after destruction (especially SSDs if it’s not done right).
The DIY method is fairly simple on HDDs:
- Wear eye protection, gloves, and pants/long sleeves
- Place a piece of plywood under your drive
- Use a hammer to drive nails into the drive, about an inch from the spindle where the platters sit.
- Send to an e-waste company for disposal/proper recycling.
For SSDs, you’ll want to make sure all the chips on your drive are destroyed. This means you need to:
- Wear eye protection, gloves, and pants/long sleeves
- Access those chips within your specific drive (on some drives you will have to remove part of the case; on others the chips will already be exposed)
- Use a hammer so they are all crushed. Don’t use nails or a drill; these can leave chips intact.
If you decide to outsource this instead, double check that the shredders they use are equipped to thoroughly destroy the small chips in an SSD. Traditional shredders won’t work on smaller drives.
Wrapping Up
So long as you have an enterprise data security policy in place, you can rest assured that your business, clients, and employees’ information won’t be compromised. Make sure that your policies are multi-step, multi-method, and verifiable.
Need more advice on storage solutions that work for your business? Contact an Account Executive today at NeweggBusiness; we’re here to help.