To Shred or Not to Shred
In the eternal words of William Shakespeare: that is the question. In the modern IT asset disposition (ITAD) industry, the issue isn’t being, but rather data. And the question is whether to shred or erase.
Data security is one of the biggest issues faced by companies today, and that responsibility doesn’t go away when your hardware reaches end of life (EOL). In fact, once an IT asset is removed from an organization’s network, it no longer sits behind the protection of firewall security and is at higher risk of a breach. When facing a hardware refresh and the decision to decommission devices, you must consider security best practices. Should you sanitize and erase the data or destroy the drive in its entirety?
To answer that question, we should look at hard drive destruction versus data erasure.
Data Erasure Versus Hard Drive Destruction
Data erasure is a software-based method of overwriting electronic data stored on a hard disk drive or other digital media. The process obscures the data, rendering it inaccessible. A widely used industry method, overwriting follows the erasure guidelines in NIST 800-88. Hard disk drives (HDDs) require an overwriting pass with meaningless binary code (random zeroes and ones). Solid-state drives (SSDs) typically require resetting the device back to its factory state.
The upside to this method is that it leaves the potential for reuse or resale, particularly for high-value assets. It’s also the perfect solution for wiping out latent data prior to returning leased equipment. The downside is that it is time-consuming. Individual drives are erased one by one, and the higher the storage capacity, the longer it will take to sanitize the data. More time equals higher costs, so it’s important to consider resale value when deciding which method to use.
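The overwriting pass described above can be sketched as follows. This is an added example, not code from the original article or from any erasure product; it runs against a constructed disk-image file standing in for an HDD, and the read-back check for leftover data is an assumption added here to show how a pass can be confirmed.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB blocks so large targets never sit in memory

def overwrite_pass(path, chunk=CHUNK):
    """Overwrite every byte of `path` in place with random data; return bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as dev:
        while written < size:
            n = min(chunk, size - written)
            dev.write(os.urandom(n))
            written += n
        dev.flush()
        os.fsync(dev.fileno())  # push the pass out of the OS cache to the medium
    return written

def find_residue(path, marker, chunk=CHUNK):
    """Read the whole target back; return the offset of `marker`, or -1 if absent."""
    overlap = len(marker) - 1
    offset, tail = 0, b""
    with open(path, "rb") as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                return -1
            window = tail + block  # keep a tail so a marker split across blocks is found
            hit = window.find(marker)
            if hit != -1:
                return offset - len(tail) + hit
            tail = window[-overlap:] if overlap else b""
            offset += len(block)

def demo():
    """Build a constructed image holding one known record, erase it, and check."""
    marker = b"CUSTOMER-RECORD-0001"  # constructed sample data
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\x00" * 3_000_000 + marker + b"\x00" * 1_000_000)
        path = img.name
    try:
        before = find_residue(path, marker)
        written = overwrite_pass(path)
        after = find_residue(path, marker)
        return before, written, after
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Every byte has to be written and then read back, which is why erasure time grows with storage capacity. On an SSD, an overwrite issued this way does not reach blocks the controller has remapped, which is why those drives are reset through the device itself.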
Data destruction is a physical process rendering not only digital data but also the device on which it is stored entirely unusable. Hard drive destruction is usually accomplished via one of two means: crushing or shredding.
Usually reserved for smaller jobs, crushing employs a mechanical device that applies immense pressure to the storage medium. This warps and punctures the drive in such a way as to make the data inaccessible.
Shredding involves a more thorough physical destruction of the digital asset, slicing the device into thousands of pieces. In the case of solid-state drives (SSDs), the process required is called pulverization. This is the most comprehensive form of data destruction.
How Do I Decide Which Method is Right for My Organization?
Now that we’ve addressed the types of IT asset disposition, let’s have a look at the variables so that you can confidently select the best option.
If your company deals with high-security information, the decision as to which data destruction method you use may be out of your hands. Government contracts, the healthcare industry, and credit reporting and transactions all have industry-specific regulations for handling data security. If you are subject to those mandates and their compliance restrictions, you must adhere to their standards.
Time is money in almost every industry, including ITAD. As mentioned above, erasure of decommissioned hardware is carried out on an individual basis and, depending on storage capacity, can take up to 24 hours per unit. Given this, it’s important to determine whether that hardware has enough secondary market value to warrant the expenditure.
Shredding, aside from being the most thorough form of data destruction, is also the fastest. Considering the time = money mantra, that means it is usually the most economical choice for securing latent data.
If you’re still feeling unsure, contact GCI and we will be happy to help you figure it out.