How Software Based Hard Drive Erasers Fail

Many hard disk eraser software sets brag about a quick and painless way to destroy sensitive data. The low cost and availability of these pieces of software offer an attractive solution to many consumers. What many consumers and businesses don’t realize is how vulnerable they are when using this software. Here are three reasons to avoid software destruction.
Gone, but not forgotten
When a file is deleted from many operating systems, the file is not truly destroyed. Instead, the file is only marked as deleted through the removal of its summary information. Recovery software retrieves deleted files by reconstructing this summary information. Many software destruction pieces of software work the same way, by simply removing the summary information and not the actual information. Recovering the information from this type of “removal” is exceedingly easy.

DoD doesn’t mean dead on delivery
Software shredders often brag about adhering to the data destruction methods outlined in Department of Defense standard 5220.22-M. In this standard, three rounds of data re-writing were required. Multiple re-writes decreased the possibility of data recovery by reducing the remnants of magnetic signatures on a hard drive platter. In 2006, the DoD removed all verbiage of three rounds of data re-writing. Why was this done? In the June 2007 edition of the Defense Security Service Clearing and Sanitation Matrix “overwriting is no longer acceptable for sanitation of magnetic media; only degaussing or physical destruction is acceptable”. The DoD realized that software checking of data destruction led to the potential problem of false positives. False Positives would include software saying the hard drive has been destroyed completely, even when that’s not true.
Data multiplies, time does not
Software-based hard disk destruction requires a lot of time to complete. Hard drives are always getting bigger, which means longer time periods for each destruction “pass”. While most single hard drive consumers are okay with taking a few hours to destroy a hard drive, organizations with hundreds of hard drives are unable to make this investment. Furthermore, the time required to verify that each hard drive was destroyed correctly is also labor intensive. Companies need the quick and absolute destruction of data that can only be achieved through physical destruction.
Information leaks and identify theft continue to rise because organizations and individuals thought they were safe. Furthermore, poor handling of data destruction is a prime avenue for litigation. When information is handed over, a responsibility is given to the receiving organization. Living up to this responsibility does not have to be a long laborious process.
To learn more about simplifying data destruction, please contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *