Best practices: How do enterprises destroy critical data?

With the emergence of cloud, most enterprises are undergo a major shift at the completion of the hardware life cycle. A lot of hardware is gets disposed in this process.

When you want to destroy data, you need to go beyond simply dragging a folder on your desktop to the trash can. Else, you could be putting your company at risk by disposing of old data and storage media improperly. These hardware often contain an enormous amount of sensitive data that poses a significant liability. Disposing your hardware without erasing the data completely, means confidential data can be recovered by a third party with just a little effort. Apart from this, electronics equipments like copying machines, printers and scanners also hold a lot of data that cannot be compromised.

While choosing a technique to destroy data, there are three factors to consider:

Quantity of data: Enterprises have to consider are the quantity of data to be destroyed and how often this has to be done.

Cost: The enterprise has to consider if the company can afford to destroy disks or if they should be reused. If they destroy data in large quantities, they can consider purchasing specialised destruction hardware.

Compliance requirement: Different standards are set for data sanitization and enterprises have to figure out if data destruction is a regulatory compliance requirement which requires some certification. They need to know how they will prove to regulators that they have met the requirements.

How do organizations erase data
The data destruction market hasn’t changed much in the past few years. When it comes to options for data destruction, enterprises have very limited options. The menu consists of overwriting, degaussing or physical destruction. Overwriting covers up old data with new information, degaussing erases the magnetic field of the storage media, and physical destruction employs techniques such as disk shredding. Each of these techniques has benefits and drawbacks.

Overwriting
One of the most common methods used is to overwrite the media with new data. Since overwriting can be done with software, it is a low cost option for some applications. This can be used to clear specific data, files, partitions or just the free space on storage media. However, it is a time consuming task when huge data is involved and the process is ineffective without good quality assurance processes. Some also claim overwriting not always foolproof – errors might occur, and the data might not be fully overwritten.

Degaussing
Degaussing refers to removal or reduction of the magnetic field of a storage disk or drive and is done using a degausser. The process of degaussing  erase an entire storage medium like hard disks, magnetic tape or floppy disks. It makes data unrecoverable and the medium is no longer usable. It’s a great option for those dealing with sensitive data. The newer models of degausssers don’t let the electromagnetic fields affect nearby objects like laptops and drives. However, it can prove expensive if you have small quantities of data.

 

Physical destruction
Mediums can be physically destroyed in many ways like shreddign, melting etc. This is usually least preferred by enterprises, or is done in addition to one or more of the above steps as many have recovered data from broken remains of hard drives. Imagine the impact if data from military or financial institutions gets into the wrong hands! It also not considered very eco-friendly and contravenes an organisation’s green strategy.

After considering the pros and cons of each method and considering the requirements, an enterprise can wisely dispose its data and ensure safety to customers.

– As told to Jalaja Ramanunni

Leave a Reply

Your email address will not be published. Required fields are marked *