What is data erasure?
Data erasure is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by using zeros and ones to overwrite data onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization.
Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable. New flash memory-based media implementations, such as solid-state drives or USB flash drives can cause data erasure techniques to fail allowing remnant data to be recoverable
Why should data be erased?
Companies, no matter whether they are part of a large corporation or a smaller business, would definitely need to use a professional data erasure method if they want to ensure that their data doesn’t fall into the wrong hands.
Due to legal and internal regulations, data should be erased at the end of its so-called lifecycle. There are a number of existing national rules, regulations and laws that already require companies to comply with data protection measures, and also with data erasure.
No matter what method of data erasure is used, it should always be part of a consistent process and take into account some basic points. A rule for the secure disposal of old devices should be put in place and – this is the actual core issue – also be respected. It should also be clearly specified who is responsible for the actual data erasure and who for checking it. Because from the perspective of compliance, these tasks should be the responsibility of different people. And finally, companies should never forget that data erasure is not a bothersome imposition but something crucial for the welfare of the company.
Methods of Data Erasure
There are some reliable and inexpensive ways to have data erased securely, and above all, irrevocably. If the data storage device is no longer to be used after erasure, there are two possible methods: either demagnetization using a Degausser or mechanical destruction in a so-called shredder. Both solutions work well in case of defective equipment and when the hardware necessary to access the data no longer exists. However, those responsible have to understand clearly that afterwards the media become absolutely unusable.
Degaussing does, unfortunately, have a couple of disadvantages. For a start, it’s effective on magnetic media and magnetic media only. A degausser might be powerful enough to wipe a 100-terabyte hard drive but put a flash storage device in there and it’ll come out unharmed.
One of the simplest ways to permanently erase data is to use software. Hard drives, flash storage devices and virtual environments can all be wiped without specialist hardware, and the software required ranges from free – such as the ‘shred’ command bundled with most Unix-like operating systems – to commercial products.
While different data destruction applications use different techniques, they all adhere to a single principle: overwrite the information stored on the medium with something else. So, a program might go over a hard drive sector by sector and swap every bit for a zero, or else with randomly generated data. In order to ensure that no trace of the original magnetic pattern remains, this is typically done multiple times – common algorithms include Scheier seven-pass, as well as the even more rigorous, 35-pass Gutmann method.
Unfortunately, there are a few drawbacks to software-based data erasure. For one, it’s fairly time-consuming. Then, perhaps more significantly, there’s the fact that if certain sectors of the hard drive become inaccessible via normal means, the application won’t be able to write to them. Nonetheless, it’ll be possible for someone with the right tools to recover data from a bad sector.
Obviously, software-based data erasure also hits a snag when you want to destroy information stored on media that can only be written to once, such as most optical discs.
WipeDrive is the world leader in secure data destruction. It allows corporations and government entities to permanently and securely erase data from hard drives, removable media and mobile devices, providing a secure, cost-effective, and environmentally responsible way of recycling and retiring computer storage.
- Physical Destruction
Finally, physically destroying the media is an option, but it is not always as fail-safe a method as it seems. A hard drive can sustain significant damage before the data contained therein is rendered irretrievable. In fact, even if the spinning platters inside are shattered, it’s theoretically possible that someone might put the parts together and recover the contents.
As such, simply snapping a hard drive in half isn’t a suitable technique for permanently erasing end-of-life data. If a company goes down the physical destruction route, it should ensure that the media is shattered into as many pieces as possible – most professionals would recommend using a specialist hard drive shredder.
For devices that use flash memory, the process is a little different. If the memory chip itself is destroyed, the data can’t be recovered. But if it survives, it can be transplanted into another circuit board with a fresh controller chip and the information can be accessed without much trouble.
In summary: it’s easy to assume that physically destroying media is a guaranteed way of securely erasing the data, but that’s not always the case. Doing the job properly is often as time-consuming as any other method and requires no less rigor.