DIY data erasure software uses standards that are called safe but are risky

DIY data erasure software uses standards that are called safe, but in reality, can have an adverse effect. Here are four data erasure approaches with their pros and cons.

Computer hardware isn't built to last forever. With considerably short life cycles, storage devices will degrade over time and reach their end-of-life (EOL) around three to five years. For IT professionals overseeing data storage and maintenance, hardware obsolescence can be troublesome, as this requires them to ensure sensitive data is properly deleted from all storage media.

Data sanitization is the process of removing sensitive data from a system or network. It involves purposely destroying or deleting data from a storage device, to ensure it cannot be recovered. Proper data sanitation is imperative to preserve the privacy and confidentiality of a company’s information and its clients.

Below we share four primary methods to achieve data sanitation along with pros and cons:

Data erasure is also referred to as overwriting. This software-based method completely destroys all electronic data by using binary patterns of zeros and ones to overwrite data on the storage device. This method is great for those looking to wipe digital data without damaging the data storage device. The data erasing software also provides an auditable report of destruction, which adds an extra layer of security.

Pros

• Most effective form of data sanitation
• Environmentally friendly
• The device can be reused after data disposal
• Process can be performed in-house
• Validates data was successfully superimposed

Cons

• Time-consuming process
• Device must go through a strict sanitation process
• Does not work on flash-based media such as Solid State Drives (SSD) and USB Flash Drives
• Only works on functioning storage devices

Our takeaway: Data erasure is a great solution if you are in a secured environment and you want to give a laptop to the new hire without compromising the previous owner's data. Otherwise, the time suck and incompatibility of use on SSD or USB drives make this an ever-fading solution to true data erasure.

DIY Data Erasure Standard #2: Cryptographic Erasure

Another form of data sanitation is cryptographic erasure. This technique uses public-key cryptography to encrypt all the data on the device. The encryption algorithm must be a minimum of 128 bits for the process to succeed. The original key is then deleted, effectively erasing all data from the device. Without the key, the data can never be decrypted again.

Pros

• Quick and effective erasure process
• Ideal for storage devices that require a fast erasure process
• Best suited for removable or mobile storage devices
• Devices can be reused

Cons

• May not meet regulatory compliance requirements
• Only useful for drives that are encrypted by default
• Prone to errors such as broken keys or human error

Our takeaway: Cryptographic erasure becomes much like a safe. It's great for storage and most likely won't be broken into. The problem comes in when the combination isn't remembered...and now your safe is useless.

DIY Data Erasure Standard #3: Data Masking

Data masking, also known as data obfuscation, is a way of creating fake versions of the data that cannot be easily identifiable or reverse engineered. Modified versions of data are created, which retain the complexity and unique characteristics of the original sensitive data.

Data masking techniques include

• character shuffling,
• encryption,
• substitution,
• nulling out,
• date aging,
• randomization,
• and word replacement.

The goal is to create a secure output that cannot be deciphered.

Pros

• Permanently removes sensitive data
• Easy to implement
• Complies with most regulations and standards
• Masked data retains integrity and structural format
• Makes data useless for cyberattackers

Cons

• Complex process
• Inefficient when processing minimum size data
• Slow process depending on the volume of data

Our takeaway: Data masking is far from DIY...it's complex and slow. If you have time on your hands, then by all means. If you are in the middle of a data center clean-out, then we would advise leaving it to a professional vendor.

DIY Data Erasure Standard #4: Data Destruction

Physical data destruction is the process by which all hard disk drives (HDD) and storage media are physically destroyed. This is irreversible if done properly.

Some of the primary methods include

• shredding,
• crushing,
• puncturing,
• disintegrating,
• and melting.

As one of the most effective ways to destroy data, this physical destruction provides a high probability that data can never be retrieved or reconstructed.

Pros

• Most effective form of data destruction
• Completely destroys data storage media
• Low possibility of recreating or recovering sensitive data

Cons

• Electronic equipment cannot be recycled for reuse or resale
• If the process is not performed securely, information can still be compromised
• Expensive
• Harmful to the environment and to human beings (if the proper equipment is not used)

Our takeaway: Physical destruction is absolute protection. However, with environmental, health, and loss of precious materials to consider, you may want to leave this to a professional service. Yes, drilling a hole in your iPhone may make you feel cool until you realize that the volume of e-waste generated worldwide is an estimated 57.4 million metric tonnes.

DIY Meet Audit Trail

When a company’s IT assets reach the end of their lifespan, they must be sanitized in order to safeguard any stored sensitive data, before disposal or reuse. To avoid exposing sensitive company data, IT professionals must ensure they have a reliable data sanitation strategy in place that provides an audit trail with a data destruction certificate.

If you are a DIYer, you most likely need an ITAD process and an audit trail.

An audit trail is a step-by-step record of the history and details made to a database or file. A data destruction certificate is an audit document that provides proof that all your confidential information has been securely destroyed.

When selecting a data sanitation method, it’s important to consider one that provides a data destruction certificate. This guarantees that items are successfully destroyed and ensures your company remains compliant with privacy laws.

End-of-Life Hardware Problem

If you’re in need of a fast and easy solution to your growing end-of-life hardware problem, reach out to our experienced team to learn which method is best for you here.

Be sure to connect with Greentec on

• Facebook,
• Twitter,
• Instagram
• and LinkedIn

to stay up-to-date with the latest industry news.