Solution provider takeaway: Solution providers looking to guide customers through decommissioning hardware need to look past vendor information and keep up to date on the proper techniques.
For many years, hardware lifecycle management didn't get much attention. For most companies, it was an uneventful, even humdrum practice. But in recent years, privacy regulations stepped in and are now driving the decisions around when and how to put old hardware out to pasture. Although this is a necessary step forward, it does bring challenges around policy, methodology and cost. We have to face the fact that the hardware security policy any company creates needs to extend beyond the active life of that hardware. Confidential data on that hardware needs to be eradicated.
When decommissioning storage hardware, your customers must avoid any potential exposure of legacy data. The consequences of not doing so are severe: Directors can be held personally liable, and companies risk a damaged public image, plus a financial wallop from mandatory disclosure and damage control.
With a lot at stake, both public and private organizations are looking to solution providers for guidance in the development of responsible hardware lifecycle management. Despite its apparent simplicity, the practice and technologies associated with drive sanitization may not guarantee the absolute elimination of legacy data. You may be among those solution providers who aren't eager to take on this work for fear that poor guidance or fallible technology will expose you to all kinds of liability.
To deliver effective hardware decommissioning solutions, you need a solid understanding of the capabilities, limitations and operation of hard drive technology, the ability to identify reliable and applicable guidance, and the knowledge to evaluate suitable sanitization practices and technologies. Complicating this process is the fact that any attempt to research recognized sanitization standards or practice will expose you to a dizzying volume of guidance available from government, academic or vendor sources, with much of this guidance outdated, biased or inaccurate.
One such example of outdated guidance (which, unfortunately, is commonly referenced) is the U.S. Department of Defense's 5220m specification. Despite the fact that the DoD has been replaced by the National Institute for Standards and Technology as the Cognizant Security Authority for the federal government's data decommissioning policy, DoD 5220m is still being touted by vendors of drive overwrite products. No doubt, this can be explained by the favorable view DoD 5220m casts on their products. But that doesn't change the fact that NIST is the current CSA for the U.S. federal government, providing guidance for acceptable data sanitization practices in publication 800-88. In this report, NIST categorizes hard drive decommissioning by levels of security, defined as Clear, Purge and Destroy.
Clear-based technology is commonly available in a software overwrite product. This hardware lifecycle management process involves writing multiple passes of obfuscating data to all accessible storage regions on the hard drive, and requires many hours to complete. Deemed as susceptible to laboratory-level data reconstruction efforts, overwriting should only be used in environments where the target device does not support a more effective sanitization method, such as Secure Erase (more on Secure Erase below), or where an established data classification model is in place and drives containing only nonconfidential data can be identified. However, given the choice, the length of time required to overwrite a drive may be unappealing -- the process to overwrite an entire drive is 18 times slower than using Secure Erase, which affords a higher assurance of data sanitization.
Purge-level sanitization eliminates data from all storage regions on the media surface beyond laboratory reconstruction effort. Purge-type processes include degaussing and Secure Erase. Degaussing involves exposing the drive to a magnetic field of sufficient power to eliminate all traces of legacy data on the enclosed magnetic media surface. Requiring costly hardware, caution must be taken when degaussing high-capacity hard drives since the reliability of the process is contingent on operator training and frequent audits of the processed devices.
Another purge process, Secure Erase was developed by the Center for Magnetic Recording Research at UC San Diego in collaboration with six major drive vendors, as a device-embedded data sanitization protocol. As a component of the ATA specification, Secure Erase resides in every standards-compliant ATA, SATA, IDE, PATA and notebook drive produced since 2001. Launched through a sequence of commands, Secure Erase is a highly effective technology that can purge 100 GB of storage in as little as 17 minutes. Operating as an internal overwrite process, Secure Erase benefits from a privileged relationship with the drive control circuitry and can render the processed device devoid of any legacy data in all data storage regions of the media surface. As a nondestructive operation, the device is reusable at the completion of the process.
Destroy-level sanitization, or physical destruction, on the other hand, can ensure the absolute destruction of all data when performed in accordance with acceptable practice. Often conducted at off-site service facilities using industrial shredders or other physically destructive means, the hardware lifecycle management process employed must ensure that any data residing on a processed device cannot be reconstructed by any effort. Despite a lot of focus on the effectiveness of the process, hardware is vulnerable when it's handed off to carriers -- and, in fact, solution providers -- for delivery to the destruction site.
With the right resources, storage solution providers and consultants can realize new sources of revenue by offering decommissioning services. If you're interested in this hardware lifecycle management opportunity, you can find reliable guidance from organizations such as the NIST as well as the National Association for Information Destruction (NAID). In fact, NAID recently introduced a data destruction service provider certification program.
About the author
Ryk Edelstein is the founder and a partner at Converge Net Inc., a Montreal-based solution provider specializing in the delivery of network performance optimization, security and privacy solutions. Ryk has been actively involved in guiding enterprise and government clients in establishing best practice solutions for the decommissioning of end-of-life storage hardware using properly aligned technologies.