Do you have a policy for decommissioning end-of-life storage hardware?

Security policy should provide guidance for the organization on how to decommission storage hardware containing unprotected information. Learn why such guidance is vital to any data storage security project.

Do you have an existing policy for decommissioning end-of-life or off-lease storage hardware?

About the expert
Ryk Edelstein is the founder and director of operations of Converge Net Inc., a Montreal-based network services provider specializing in data loss prevention, risk and vulnerability management, and automated policy violation detection and protection. He has held various roles for a number of IT services companies since 1981. Click to download his data storage security FAQ podcast.

This is a really important part of storage security policy. Often, security policy will neglect providing sufficient guidance on the organization's accepted practice of decommissioning end-of-life, off-lease or warranty-replacement storage hardware devices containing unprotected information. It is not uncommon for a policy to include a statement as simple as "End-of-life storage hardware is to be decommissioned using recognized data sanitization practice." The fact is that, until recently, there had been no industry standard, and often vendors claim compliance with outdated Department of Defense specifications.

Guiding clients to an effective and recognized data sanitization practice for storage hardware is very valuable and can ultimately save your client a lot of money that could be wasted on unnecessary products or services. Proper guidance can be found in the National Institute of Standards and Technology (NIST) Special Report 800-88, which is a comprehensive guide that covers all types of data storage decommissioning.

A very cost-effective means for clients to decommission storage hardware can be achieved by using Secure Erase, a technology embedded in all ATA, IDE, SATA, PATA and laptop drives since 2001. Secure Erase is recognized by the NIST as a purge-level technology, capable of eliminating stored data beyond forensic recovery.

Dig Deeper on Storage Backup and Disaster Recovery Services