Sign in with
Sign up | Sign in

Common Concerns with Conventional Methods

Instant Secure Erase: The Ultimate Solution for Drive Retirement and Disposal
By
Brought to you by What's this

How confidential is your data? IT managers are prone to thinking that all data is critical, and sometimes this may be true. But in most cases, there will be a spectrum of value that can be tied to a drive’s contents. This may in part relate back to the $214 per client record we discussed previously.

Will media disposal be handled in a controlled way? Asked differently, will drive data be eliminated in a way that is regulated, measured, verified, and/or audited? When an IT manager hands off a drive for wiping, where does it go? Who is responsible? Does that responsible party perform the actual wiping? What reports are generated to confirm a successful erasure, and how are those reports verified by IT? Just as importantly, is each of these steps handled by parties that IT trusts as utterly dependable?


How much media must be sanitized? Wiping one drive is easy. But if Seagate’s estimate that data centers alone shed 50,000 drives per day, then there must be bulk sanitization measures in place that are practical for large numbers of drives.

What is the time commitment? Even if NIST says that one track overwrite is sufficient in most cases, many organizations want to perform three overwrites, if only to mop up more of those off-track bits. Truly concerned outfits may even perform seven overwrites. However, in an era of multi-terabyte drives, multiple overwrites can take hours and even days per drive. Faced with a pile of drives to process, it’s not uncommon for technicians to interrupt wiping procedures or skip them altogether.

“A three-terabyte drive can take 13 hours for a wipe pass,” says Teresa Worth, Senior Product Marketing Manager at Seagate. “If you've got a security policy specifying three overwrite passes, that’s 39 hours for one drive. And, drives are only getting bigger and bigger. If you think about the number of drives that are in a data center, consider how much time this takes and what a headache it is for people to do this.”

Worth adds that not only do companies have to purchase licenses for these sanitizing applications, it’s common for wiping operations to fail in mid-stride – requiring techs to stop other work and routinely check on the status of wiping processes. “You can just hear the IT people complaining in the data center. They may be 25 hours into a wiping process and it fails. At that point, most techs just throw up their hands, have to restart the process, or they’re so fed up that they just throw the drive out for physical destruction…if you’re lucky.”

Keep in mind that IT resources continue to be under duress. In general, IT departments are making do with relatively fewer staff and lower budgets than in years past. This means fewer tools for enforcing data security and fewer people for using those tools, particularly if those tools require significant training. Outsourcing of data sanitization is always an option, but that requires more expense. Physical disposal of destroyed drives poses its own cost and environmental concerns. Overall, Gartner has placed the expense of sanitizing through clearing or destruction at $84 to $135 per PC.

“The cost of running sanitization programs on a fleet of computers can be prohibitive,” notes the IBM System Storage N Series Hardware Guide. “Even in smaller organizations, the number of hard drives that must be cleansed can be unmanageable. Most IT managers do not have the time or resources to accomplish such a task without impacting other core business responsibilities. Should a company choose to circumvent these costs and simply destroy their hard drives (many of which could be reused), they dispose of equipment that still has market value.”

In short, proper data sanitization has grown to be an ever larger problem for today’s businesses. Thankfully, a fairly new development offers a fourth and far superior option.