In our previous article on drive-based encryption, we discussed on-drive encryption as an optimal way to protect data-at-rest. Encryption is constantly active on the drive, and only the proper credentials can unlock it. Even if systems are lost or drives are stolen, a self-encrypting drive (SED) can ensure that all data remains protected.
However, another aspect of SEDs should be of equal importance to IT professionals: drive retirement. When a drive reaches end of life, either through age, end of lease, failure, or migration to other systems, the data on that drive must be dealt with. After all, a drive in a trash bin, repurposed into a desktop PC, or sitting in some OEM’s returns room poses all of the same liability risks as a drive maliciously swiped from a server room if sensitive data still resides on its media.
For decades, the IT industry has used various methods to deal with drive retirement. In each case, there are a few advantages and several key drawbacks. Self-encrypting drives address these drawbacks literally in milliseconds and at almost no expense. At the heart of this advance is Seagate’s Instant Secure Erase functionality.
Any IT worker worth his or her screwdriver should know that formatting a drive does not erase data. Formatting simply removes the indexing file that leads to that information, something like ripping out the table of contents from a book. The chapters are still there for anyone to read; only the shortcut to the correct bits has been removed. Any cheap file recovery app or similar forensic software can reveal the data otherwise invisible to the operating system. Again: formatting is not a secure method for data sanitization.
Even apparent drive destruction is sometimes no guarantee of real erasure. Perhaps the most dramatic example of this was the 400MB Seagate hard drive recovered from a lake bed in Texas. The drive had been part of the Space Shuttle Columbia during its tragic explosion in 2003. After its discovery, the drive – so charred and melted that the IC chips were floating about inside of the casing – was sent to Kroll Ontrack, which was able to recover roughly 99% of the data from the drive platters.
In a related side note, a 2010 audit of NASA IT found woeful weaknesses in the organization’s security. For example, 14 computers marked as having been sanitized of all data turned out to still carry readable information. One of these was even to be sold to the public. The following statement from the audit could well apply to many enterprises:
“We found significant weaknesses in the sanitization and disposition processes at each of the four centers we reviewed. For example, we found that Kennedy managers were not notified when computers failed sanitization verification testing; that no verification testing was being performed at Johnson or Ames; and that Kennedy, Johnson, and Ames were using unapproved sanitization software. We also found that while hard drives are destroyed at Langley before computers are released to the public, personnel did not properly account for or track the removed hard drives during the destruction process.”
Do any of these characteristics apply to your organization’s drive disposal habits?
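The gap between formatting and real erasure, and the kind of verification testing the audit found missing, can be shown on a toy volume. This is an added example, not code from the original article: the index layout, sector counts and sample records are constructed assumptions, and the zero-fill stands in for any overwrite pass.

```python
SECTOR = 512
INDEX_SECTORS = 4  # assumed toy layout: the first 4 sectors hold the file index

def build_image(records, total_sectors=64):
    """Constructed toy volume: an index region followed by one sector per record."""
    img = bytearray(SECTOR * total_sectors)
    for i, rec in enumerate(records):
        sector = INDEX_SECTORS + i
        # Index entry: 2-byte data sector number + 2-byte record length.
        entry = sector.to_bytes(2, "little") + len(rec).to_bytes(2, "little")
        img[i * 4:(i + 1) * 4] = entry
        img[sector * SECTOR:sector * SECTOR + len(rec)] = rec
    return img

def quick_format(img):
    """Formatting as the article describes it: only the index is cleared."""
    img[:INDEX_SECTORS * SECTOR] = bytes(INDEX_SECTORS * SECTOR)

def overwrite_all(img):
    """Overwrite every sector, index and data alike, with zeros."""
    img[:] = bytes(len(img))

def list_files(img):
    """What the operating system sees: only records reachable through the index."""
    files = []
    for off in range(0, INDEX_SECTORS * SECTOR, 4):
        sector = int.from_bytes(img[off:off + 2], "little")
        length = int.from_bytes(img[off + 2:off + 4], "little")
        if sector:
            files.append(bytes(img[sector * SECTOR:sector * SECTOR + length]))
    return files

def verify_sanitized(img):
    """Verification test: return the sector numbers that still hold non-zero bytes."""
    zero = bytes(SECTOR)
    return [n for n in range(len(img) // SECTOR)
            if img[n * SECTOR:(n + 1) * SECTOR] != zero]

if __name__ == "__main__":
    # Constructed sample data, not real records.
    img = build_image([b"client record 0001", b"client record 0002"])
    quick_format(img)
    print("files visible after format:", list_files(img))
    print("sectors failing verification:", verify_sanitized(img))
    overwrite_all(img)
    print("sectors failing after overwrite:", verify_sanitized(img))
```

After the format the index lists no files, yet the verification scan still flags the data sectors; a disposal process that skips this check would release the drive as clean.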
In our prior article on drive encryption, we examined several market statistics, including the Ponemon Institute’s estimate that every client record lost costs the offending company $214. Until now, we’ve side-stepped drive disposal or re-purposing. As we saw, a shocking number of drives exit companies and data centers still containing sensitive information. This is never supposed to happen, yet the frequency with which such lapses occur underlines the flaws inherent in each of today’s conventional wiping methods and vastly complicates the drive retirement process.