Data erasure is an extremely important practice: it defines not only the level of security for data handled by the organization, but also the level of compliance with a variety of regulatory bodies. As such, erasing data completely and finally is essential. Unfortunately, internal data erasure is not always a great option, and can in many cases result in more data insecurity than the data insecurity it purports to fix. This is where drive shredding comes into play.
While the best fundamental data practice is to erase drives as soon as the data is no longer needed, rather than opting for external erasure of high data volumes, ensuring proper destruction matters more than any other practice. Today, we’re going to take a look at the risks of internal data destruction, and what can be done to negate them.
Inaccurate Data Destruction Reporting
The primary risk of doing your data erasure and shredding internally is incomplete, inaccurate, or misleading reporting on the state of destruction. With so many regulatory bodies demanding a solid chain of custody and documentation of actions taken, it is very risky not to make the documentation process a central responsibility of your internal staff.
When a drive is physically destroyed, you must report it in a manner that is not contingent on the drive existing. In other words, automatic reporting is not really a viable way of monitoring drive status – the drives themselves must be entered into a system, given a status code, attached to a technician’s identity, tagged and scanned, and further tracked throughout each stage.
The reason for this heightened complexity is the aforementioned privacy regulations. It’s simply not enough to have employees go by honor and word. It’s very possible not only for an unscrupulous staff member to mark a drive as destroyed and then resell it, but also for an honest employee to mistakenly mark a drive as destroyed and allow it to get lost in the process itself.
While staff trust is certainly a valuable commodity, what is more important here is creating a process that by itself produces security and testable records, so that staff trust is not even a variable. As such, assigning multiple staff to witness the destruction, attaching scannable tags, and similar measures are good ways to ensure accurate reporting.
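The tracking process described above (each drive entered into a system, given a status, tied to a technician, and witnessed at destruction) can be sketched as a hash-chained ledger that rejects skipped stages and self-witnessed destruction. This is an added example, not part of the original article; the stage names, tag format, and the `CustodyLedger` and `sample_ledger` names are assumptions.

```python
import hashlib
import json

# Stage names and their order are assumptions made for this example.
STAGES = ["RECEIVED", "TAGGED", "QUEUED", "DESTROYED", "VERIFIED"]
GENESIS = "0" * 64

def _digest(body):
    # Canonical JSON so the same record always produces the same hash.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CustodyLedger:
    def __init__(self):
        self.entries = []

    def record(self, tag, stage, technician, witness=None):
        """Append one event; reject skipped stages and unwitnessed destruction."""
        done = sum(1 for e in self.entries if e["tag"] == tag)
        expected = STAGES[done] if done < len(STAGES) else None
        if stage != expected:
            raise ValueError(f"{tag}: expected stage {expected}, got {stage}")
        if stage == "DESTROYED" and (not witness or witness == technician):
            raise ValueError(f"{tag}: destruction needs a second person as witness")
        body = {"tag": tag, "stage": stage, "technician": technician,
                "witness": witness,
                "prev": self.entries[-1]["hash"] if self.entries else GENESIS}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        """Return the index of the first altered entry, or None if intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return i
            prev = e["hash"]
        return None

    def unaccounted(self):
        """Tags entered into the system whose latest stage is not VERIFIED."""
        latest = {e["tag"]: e["stage"] for e in self.entries}
        return sorted(t for t, s in latest.items() if s != "VERIFIED")

def sample_ledger():
    """Constructed sample: one drive fully processed, one received and stalled."""
    ledger = CustodyLedger()
    for stage in STAGES:
        ledger.record("HD-0001", stage, "tech-a", witness="tech-b")
    ledger.record("HD-0002", "RECEIVED", "tech-a")
    return ledger
```

The chain only exposes later edits if the most recent hash is also kept somewhere the people editing the ledger cannot change.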
Incomplete Data Erasure
After inaccurate destruction reporting, incomplete destruction is just as worrying a concern. It’s a distinct possibility that data is not destroyed properly, either because of failures in the overall process or because of the nature of the drive itself. In these cases, where data is marked as destroyed despite still existing in one form or another, you’ve entered the worst-case scenario. Preventing this should be your top priority.
Of course, some methods are more dangerous than others. While some companies have taken to “fun” or “unique” data destruction methods, it should be noted that using non-sanctioned, unofficial means of destruction is not effective. There have been stories of workers drilling holes into a hard drive case or hammering the platters as a means of data destruction, and this is very worrying. Why? Because it’s actually not all that effective.
The fact of the matter is that these “fun” methods, or even the machines on the market that specifically utilize these methods (known colloquially as “bending units” and “hole punch” or “drilling units”), leave parts of the physical device intact. Using specialized methods, the magnetic image on the platter can be lifted, and at the very least, some data recovered.
This physical methodology has continual risks even when you get to “sanctioned” methods. Shredders are great, but if the shredder is of low quality, the drive may be left in chunks big enough to recover fragments of data. When shredding SSDs, where data is stored on chips rather than platters, this becomes a bigger problem. It’s very unlikely, but not impossible, that a single chip might fall through the grinder, unaffected by what happened around it.
It’s not just physical methods that have issues, either. Degaussing is perhaps the most effective of these methods, but even it can, in theory, leave data exposed. Since degaussing renders drives inaccessible, it is possible, though extremely unlikely, that an underpowered degausser destroys boot records and other surface data while leaving forensic data preserved, all without any way of checking.
The Solution - Mitigation Strategies and Considerations
The solution, of course, is to err on the side of tested, credible solutions. When choosing a system for your physical destruction processes, you should always look for credible providers. Check their previous work, contact previous clients, even look into reviews on the internet. Ask for credentials, and verify any licenses provided.
While this isn’t a surefire thing (after all, there are many providers out there still using services that are insecure, but just secure enough for average users), it certainly makes for a good first step. Checking the actual figures for the power of the degaussing machine you’re using, or the teeth size of the shredder and the physical space, can also lead to greater security.
Also consider multiple passes of the same solution. This is a technique used extensively in data erasure using software. When you degauss a drive, pass it through three more times to ensure permanent and complete erasure. Shredding a drive? Use a pass-through grating system, where larger parts remain after smaller parts are filtered into a container below, and pass those larger pieces through the shredder again. Use cross-shredding systems, where teeth are arranged in random or pre-set diagonal patterns for complete shredding.
Ultimately, the goal is not just to shred these devices, but to do so in a secure manner.
Health and Safety Considerations for Staff and Workers
As an aside, one risk we haven’t discussed here, but which is important to bring up, is health and safety. While we’ve principally discussed issues and risks to your data, you should always remember that using highly magnetic machines and shredding systems carries a certain amount of risk to your workers.
Thus, providing top-notch training and education in the use of these machines, along with protective gear such as face masks, eye protection, and even ventilators, will go a long way towards making your workplace safer.
We hope this has helped educate you on the risks of internal data shredding, and how to mitigate these risks. While no system is perfect, and no measure beyond melting down the drives or shredding them to the microscopic level will ever be perfect, you can get to a state where the data is in practice completely unrecoverable with a few simple considerations.
As always, consider the quality of your chosen solution, and train your staff as to its usage. If you follow these few simple guidelines, and consider your shredding solutions on the merit of quality, proven performance, and appropriateness to the job at hand, you can mitigate all of these threats to the point of near non-existence.