Driven to destruction: secure data disposal
The chances are that you have become accustomed to equating data loss with portable drive loss or laptop theft. That is hardly surprising given the number of high-profile public sector data loss incidents this past year or so. However, as Davey Winder reveals, one of the main culprits could be getting overlooked.
When auditors KPMG published the first Data Loss Barometer recently, it showed that in just three years some 280 million people worldwide had fallen victim to data loss. Some 70 million cases were down to the theft of a PC, and an astonishing 53 million came at the hands of a public sector cock-up. Let's not forget the 685 laptops stolen from the Ministry of Defence in the last four years, or the 12,000 laptops lost in US airports every week.
One of the best places to start securing against data loss is understanding how to deal safely with the data on hardware you retire. Every year BT's Security Research Centre, in conjunction with the Forensic Computing Lab at Glamorgan University, produces a survey that reveals just how much of a problem the insecure disposal of hard drives actually is. The last survey found that of the 350 hard drives BT obtained from sources around the world, 133 of them in the UK, 75 were in working condition. Of those, 62% contained sensitive corporate or personal data.
Rubbing out explosive disclosure risk
Decommissioning a hard drive securely, by which I mean erasing the data on it to the point where it cannot be recovered, is not as straightforward as most people think. Just because a drive has 'failed' does not mean that the data on it has disappeared; a dead controller board or a seized motor leaves the platters, and everything written on them, intact. The old adage that disks are cheap but data is valuable should be etched into your psyche. If a disk fails, or a machine is retired, then you have to think about getting rid of the data in order to prevent the kind of potentially explosive disclosure that could arise were it to fall into the wrong hands.
A shotgun approach to security
I know of one person who runs the IT department for a publicly quoted company in the finance sector who used to insist on personally 'mechanically disrupting' hard drives with both barrels of a 12-bore shotgun. On its own, this is still not 100% secure, because it is possible to reconstruct data from fragments of the platters if someone has the time, money, expertise and inclination to do so. I have seen professional data recovery firms legitimately recover data from computers that have been submerged for days, incinerated beyond recognition and crushed under concrete. That is why he, and I, both adopt a multi-layered approach to the problem of securely decommissioning hard drives, and so should you.
This means that you need to securely erase the data first. Not just delete the files, and not just format the drive either. Both are insecure, because they leave the actual data intact and merely change the file system metadata that records which parts of the drive are in use. The space is marked as available for reuse, and new data may eventually be written over the old, but until that happens, and even when only part of a file has been overwritten, it is remarkably easy to reconstruct confidential files using readily available forensic software. Such tools either follow the leftover directory entries to the sectors where the data still resides, or simply scan every sector of the drive for recognisable content, which can be as crude as searching for a few common words in a text string.
So what are your options when it comes to securely decommissioning hard drives?
- Anticipate accidental decommissioning.
Encrypted data is not accessible by any Tom, Dick or Harriet who buys a second-hand drive. Users of Windows XP and Vista should, therefore, encrypt drives using the built-in tools (EFS on XP Professional, BitLocker full-drive encryption on the Ultimate and Enterprise editions of Vista) as a first line of defence in the event of 'accidental' decommissioning such as the theft of a PC. Bear in mind that the protection is only as strong as the password or key guarding it, and that a drive which was fully encrypted from day one can later be decommissioned by destroying the key rather than scrubbing every sector.
- Erase instead of delete.
By using a secure erasure application you can overwrite your unwanted data with streams of random data, multiple times. The more of the original data that has been overwritten, the lower the chances of recovering anything usable. The UK Government insists upon three passes of random data before disposal, but software is readily available that uses the 35-pass Gutmann method for those who want belt and braces (Gutmann himself has since noted that on modern drives a few passes of random data are enough). Whatever the pass count, read the drive back afterwards to verify the wipe, and remember that overwriting cannot reach sectors the drive has quietly remapped as bad, nor, on flash-based drives, every cell hidden behind wear levelling, which is why it is the first layer of the process and not the last. Remember, too, that the safe disposal of sensitive information is a requirement under the Data Protection Act.
- Destroy and recycle.
Some disposal companies use a degausser to subject hard drives to a powerful magnetic field that scrambles the magnetic domains on the platters, destroying any data in the process. Just how secure this is depends on the machinery used: the field must be strong enough for the coercivity of the drive being treated, and a degausser does nothing at all to a solid-state drive, which stores data electrically rather than magnetically. Do not expect to reuse the drive afterwards, either. A modern drive relies on servo tracks written at the factory, and a degausser that is strong enough to destroy the data wipes those as well, so what gets recycled is the metal, not the drive.
- Destroy instead of recycle.
It might not be environmentally friendly, but hard drives can be removed from computers before recycling and physically destroyed (after data wiping) so that there is nothing left to read back. There are companies that will shred a drive until it resembles kitty litter, and provide a certificate of destruction to prove it. Although it is tempting to take the 'recycle it and make a couple of quid' option, is it really worth risking confidential patient data for such a small bounty? And if money is a problem, you can always drive a nail through the platters or take a sledgehammer to the drive.
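As an added illustration of the two points above (deleting a file or formatting a drive leaves the data where it was, while a multi-pass overwrite removes it), here is a Python script that is not part of the original article. It uses an ordinary file as a stand-in for a raw disk, with a toy directory table in sector 0 standing in for the file system metadata; the on-disk layout, the function names, the three-pass default and the sample 'patient record' are all constructed for the example.

```python
"""Added example, not from the article: a file-backed "disk" with a toy
directory table shows that delete and quick format only touch metadata,
while a multi-pass overwrite actually removes the data.  The layout,
function names and sample data are assumptions made for illustration."""
import os
import secrets
import tempfile

SECTOR = 512      # bytes per sector (assumption: classic 512-byte sectors)
DIR_SECTOR = 0    # sector 0 holds the toy directory table "name:start:len\n"


def make_disk(path, sectors=64):
    """Create an all-zero image standing in for a raw block device."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)


def _read_dir(f):
    """Parse the directory table: {name: (start_sector, length)}."""
    f.seek(DIR_SECTOR * SECTOR)
    raw = f.read(SECTOR).rstrip(b"\x00")
    entries = {}
    for line in raw.split(b"\n"):
        if line:
            name, start, length = line.split(b":")
            entries[name.decode()] = (int(start), int(length))
    return entries


def _write_dir(f, entries):
    raw = b"\n".join(f"{n}:{s}:{l}".encode() for n, (s, l) in entries.items())
    f.seek(DIR_SECTOR * SECTOR)
    f.write(raw.ljust(SECTOR, b"\x00"))


def write_file(path, name, start_sector, data):
    """Store data at start_sector and point a directory entry at it."""
    with open(path, "r+b") as f:
        f.seek(start_sector * SECTOR)
        f.write(data)
        entries = _read_dir(f)
        entries[name] = (start_sector, len(data))
        _write_dir(f, entries)


def delete_file(path, name):
    """'Delete' the way a file system does: drop the entry, keep the sectors."""
    with open(path, "r+b") as f:
        entries = _read_dir(f)
        entries.pop(name)
        _write_dir(f, entries)


def quick_format(path):
    """A quick format rewrites only the metadata region (sector 0 here)."""
    with open(path, "r+b") as f:
        f.seek(DIR_SECTOR * SECTOR)
        f.write(b"\x00" * SECTOR)


def carve(path, needle):
    """Forensic-style search: ignore the directory, scan every byte of the
    image and return the offsets at which needle appears."""
    with open(path, "rb") as f:
        image = f.read()
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits


def secure_erase(path, passes=3):
    """Overwrite the whole image with `passes` passes of random data plus a
    final zero pass, forcing each pass out to the medium.  Returns bytes written."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            f.write(secrets.token_bytes(size))
            f.flush()
            os.fsync(f.fileno())
        f.seek(0)
        f.write(b"\x00" * size)
        f.flush()
        os.fsync(f.fileno())
    return (passes + 1) * size


def demo():
    """Run write -> delete -> quick format -> erase, carving after each step."""
    secret = b"PATIENT RECORD: J. Bloggs, NHS number withheld"  # constructed sample
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_disk(path)
        write_file(path, "patients.txt", 8, secret)
        after_write = carve(path, b"PATIENT RECORD")
        delete_file(path, "patients.txt")
        after_delete = carve(path, b"PATIENT RECORD")
        quick_format(path)
        after_format = carve(path, b"PATIENT RECORD")
        written = secure_erase(path, passes=3)
        after_erase = carve(path, b"PATIENT RECORD")
    finally:
        os.remove(path)
    return {"after_write": after_write, "after_delete": after_delete,
            "after_format": after_format, "after_erase": after_erase,
            "bytes_written": written}


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

Run it and the carver reports the secret at the same offset after the write, after the delete and after the quick format, and finds nothing once the three random passes and the zero pass have run. On a real drive the same job is done by a wiping tool such as `shred -v -n 3 -z /dev/sdX` or a bootable wiper; read the drive back afterwards to verify, and treat the overwrite as the first layer before degaussing or physical destruction rather than the only one, since it cannot reach sectors the drive has silently remapped.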
Author, journalist and security consultant, Davey Winder has been writing about security issues for 16 years and in 2006 won the prestigious IT Security Journalist of the Year award.