The True Form of Data Security

Here’s a quote from a computer forensics expert at Harvard: “When retiring a hard drive, physical destruction makes information inaccessible.” It’s in a piece by Bill Brenner at Tech Target. The person quoted was a postdoctoral fellow, so he must know what he’s talking about.
At first blush, it’s hard not to smile and think, Well, duh! when reading something so self-evident. Maybe if the good doctor had included the caveat “the only absolutely reliable way to ensure the destruction of information” his pronouncement would have had a more dramatic effect, because what he found laying around on discarded hard drives was indeed shocking.
What prompted the researcher’s observation was his ten-year experience with purchasing over 1,000 hard drives on the secondary market. Along with a fellow researcher, he looked through 158 hard drives purchased from online auction services. Data security took a backseat to just about every other consideration.
Brenner reports:

“They rummaged through the old machinery and found thousands of credit-card numbers, financial records, medical information, trade secrets and other highly personal information.”

The researcher’s next step was to contact 20 of the organizations to see why it was so easy to access their data. Significantly, the biggest problem he found was a misplaced and naive trust that those organizations placed in the people they paid to properly dispose of the drives. Instead, of destroying the data, the consultants sent the refurbished drives on to other customers with the data intact.
One company hired a consultant to upgrade its computers and assumed all the old equipment was disposed of. Instead, the contractor cannibalized the hardware and sold what he could on eBay. That equipment included old hard drives with customer information.
There were other causes to those data security breaches:
  • Employees weren’t trained in proper data destruction techniques. In one especially egregious incident “a supermarket credit card processing terminal and a Chicago bank’s ATM machine made it out into the world.”
  • Some people simply don’t care. Organizations undergoing bankruptcy or drastic downsizing sell off or dispose of excess equipment and don’t pay attention.
Then there’s the added wrinkle of solid-state drive technology. “Soft” techniques of data scrubbing don’t work. The best assurance is total destruction.
Whatever your data destruction requirements — from policy guidance to products that will add new meaning to “crunching” data — contact us. See why we are trusted by agencies like the FDIC and social media leaders (Facebook and Twitter), among others, for totally compliant and reliable physical destruction of computer data storage hardware.

1 Trackback

Leave a Reply

Your email address will not be published. Required fields are marked *