data-medics wrote:
In my opinion, as a data recovery professional, the safest options are the ones that digitally alter the data on the platters to make it unreadable. Zero-filling is certainly enough to do the trick, (as long as 100% of sectors are verified as wiped). Multi-pass wiping is actually redundant but satisfies the paranoia of those who have doubts (thus the reason we offer DoD 3-pass). That's preferable as it keeps the drive intact where it can be re-used or kept for parts to be used in later data recovery projects. However, amateurs can easily make a mistake like only wiping a partition instead of the entire drive, or they might miss a HPA at the end of the drive where data could have been hidden by an employee looking to sneak information out. So it's best left to professionals who have equipment specifically designed for the task and eliminate human error.
I can see how in small numbers wiping the drive could seem feasible. But, at 6000 drives/year that is one big pile of work. I've tried Apple's secure erase and with their 1 pass option and the drive in an external USB adapter it took about an hour+ to do the job. So even on the low side, 1 hour * 6000 drives / 8hrs/day = 3 computers working full time erasing drives. Add a techs time to mount, unmount, deal with failed drives (the cost purchase equipment to physically destroy the failed drives) and the costs go through the roof.
Your offer of a free drive wipe service which sounds interesting, and is a real potential. But, I'm still working on the plan I'm going to present to those who care about data security. Some of the ones that care the most are the least technical, so they default to tin-hat thinking. I am educating myself so I can educate them about what is possible in the real, non-tin-hat world.
Quote:
The next best option is degaussing, which if done properly is just as effective at preventing future recovery. The strength of the electromagnet on a good degausser/demagnetizer is enough to alter a majority if not all of the bits on the drive so that no single sector will ever be readable. In fact, the servo data will even be messed up so badly that the heads will never be able to even track their location to attempt reading a sector should someone ever manage to properly rebuild the drive. The downside to degaussing is that it ruins all but the PCB (which doesn't contain any data and can be removed before degaussing). It's actually the process the military and other high-security facilities use as they don't trust their own workers to properly wipe drives 100% of the time. But, then they've actually got state secrets to protect.
Back in the day when big mainframe computers had 32K (yes K) of RAM I worked on classified military computer projects. (yup, with actual state secrets. I could tell you, but then I would have killed you, with boredom. The military loves to stamp secret on everything.
) Back then they would accept degaussing for tapes that were going to be reused for other classified work. But, when one of the "big" 70 meg drives crashed we were required to deeply score both sides of every platter and then incinerate them until they were deformed by the heat. The melted drive then had to be recovered from the ashes and given as proof of destruction to the military folks. The fuel for this fire was provided by used up tapes, classified paper printouts and a whole bunch of natural gas. Fortunately for me my clearance wasn't sufficient to allow me to do that task. My coworkers with the correct clearance said it was a miserable job destroying classified materials.
Fast forward to today and a degausser is one of the options for sure. I'm betting the last spinning hard drive we buy for a user is only a year or two away. A degausser that is industrial strength enough to destroy 40K plus drives over the next 7-8 years isn't going to be cheap, but a lawsuit because of misplaced data with make it seem like chump change.
Quote:
Drilling a hole (if you actually make it to the middle of the platter and don't miss) generally, will prevent recovery. However, it's not really a best practice as it still leaves the data intact on the remaining platter surface. While the drive is never going to work again, the data is still "technically" there. We never can know what technology the next 20 years might bring, and while we all doubt a device will exist that can read bits from a platter without skimming the surface (and being destroyed by the hole), you never can be sure. Perhaps one day they'll invent a sort of electron microscope laser that can read from a higher fly height to safely do it. Unlikely, but not necessarily impossible.
If a holed, bent, or shattered drive can be read by some yet uninvented device 20 years from now, I can live with that. I think even my tin-hatters could live with that. 20 years from now the chance of someone recovering data from a properly recycled hard drive that could harm my company is so tiny I can't imagine a scenario where it could happen. Could it happen? Yeah and I could win the lottery 10 times in a row. But, what are the chances of that? What no one can live with is finding data from a computer that was replaced within the last couple of years floating around on the internet.
Drilling holes seems like the simple and inexpensive answer on the scale I'm dealing with. I could pick up a quality drill press, drills and related gear for well under $3,000. But, IT people aren't typically known for their skill with power tools. A spinning bit, a moment of inattention = a workers comp claim or worse. Not to mention the mess of drill shavings and shattered glass everywhere.
I've also looked at hard drive crushers. There is still a mess to deal with, but I think with the safety interlocks nobody is going to get hurt. And the crushers life could be longer as SSD drives start reaching their end of life.