What to do with old hard disks? What to do if your company is going to upgrade its equipment? How to get rid of any useless hardware? However we approach these problems, everything will always concern one important issue – the protection of confidential data.
Data security policy
Briefly and generally – data security policy is a set of precise rules and procedures created to organize the resources of a company including the issues of protection, management or sharing data. Such policies also include scenarios for i.e. data loss, unauthorized access etc. We can ask “what’s it for?” but don’t you think such a question is misplaced? In the modern information society, data management has became a matter of “to be or not to be” on the market. It is not only about the law and the security of personal data. Information is a pillar of modern enterprise.
So, if we talk about data security, what should be taken into account? We can point out three main areas. The first area is software, the second is hardware and the last is models of security, like: events tracking, permission management of levels, control over access, mechanisms and methods of identification and authentication control etc. In the cases of the first and third one, we can talk about avoiding any kind of leakage of data currently stored and used. Supervision over the issue of hardware is however more complex. It concerns the prevention and protection not only on the physical plane but also such problems as utilization.
What to do with useless hardware? How to do it in relation to company’s policy on data security? Let’s think about the problem in two way. First we should take into consideration the situation in which we have to deal with data that does not require protection. In the second case we should take into account critical data – important for the functioning of the company on the market.
“Soft solutions” with storage software
There are plenty of software solutions created and used to remove data from HDD – in this way it will not be probably recovered. Every kind of professional storage software should have such tools. I.e. if you use Open-E DSS V6, there is the possibility to “Remove LV (logical Volume)” with “Fill with zeros” option.
click on image to enlarge
But remember, with a willingness one can do anything – nothing is impossible in the mind. If you keep any kind of critical data on your HDD, it may be a better idea to simply destroy it. The costs of data theft can be many times larger than the gains from storing it.
“Soft solutions” with specialized software
If you don’t use DSS V6 (remember, also DSS V6 Lite version has the “Fill with zeros” option) but you want to be sure that your data will be completely removed. There are a few software solutions for you, we can point you towards freeware, Eraser or commercial: Active@Eeraser, BC Wipe 3, Blancco File Shredder or East-TecEraser. Effectiveness of software deletion is debatable, however let’s suppose it may be a sufficient solution for the ordinary man in the street.
For a more cautious approach we have some advice. If you have any critical data you want to remove (before you will throw your HDD into the trash), try TrueCrypt. Securing data and then deleting them (in a safe way) should give you a hundred percent certainty that your data will be not recovered by an unauthorized person. Why? Even if someone manages to recover a piece of data, the decryption of it will be virtually impossible. Of course, it only concerns the files that have not been removed yet.
“Soft solutions” with OS
With some degree of doubt, but still worth mentioning are also the inner OS solutions. MAC® users may use the built-in functionality. It is called “Secured Empty Trash” and you can find it in the “Finder” menu. There is also “Erease Free Space” – the Disk Utility program (in “Utilities” folder). It scans the HDD for unused space and deletes it to military (7 passes) or Guttman (35 passes) standards.
Windows® users can also use its built-in functionality – “Diskpart”. It does not operate through a network connection. Therefore, in cases using the NAS drive(Network Attached Storage) , there is a need to remove the drive and connect it to the hard disk controller in your computer or as an external drive via a USB adapter. Here we present a small step-by-step:
- Log-in as admin. In Windows Vista you will probably need to use the user account management tool.
- Push “Windows” + “R” and type: “diskpart”.
- Type “list disk” and push “Enter”. You will see a list of detected data devices that should identify the discs. The first one will have the number “zero”. The second drive will be number “1” and so on.
- Choose the disk – i.e. “select disk 0”.
- Type “clean all” – your data will be lost now.
- When the process is finished, type “exit”.
In Linux (and also MAC®) you can use “dd” command – like:
dd if=/dev/zero of=/dev/device bs=1M
… where: bs = block size and device = sda, sdb etc.
Or better, the “shred” command (only in Linux). Here you will find more information about it: URL
We are not sure about the MAC® and Windows® solutions and their effectiveness. However, we can say that Linux and its “shred” command gives a really interesting and probably the best effects of these three solutions.
As it have been written, “with a willingness one can do anything”. Everyone knows the “deletion” of data is not always equal to an inability to recover them. Even if we use specialized software, risk still remains. That is why, if we take the rules of data security policy seriously, the only way to get rid of old storage devices is to destroy them.
There are many companies equipped with industrial shredding machines. Take a look at the video below – well, at least it looks like good fun.
Where to find the best way?
To summarize, only the actual physical destruction of your data storage device will give you one hundred percent certainty that any information won’t be recovered. Therefore, the only reasonable solution for companies is to leave the matter in the hands of specialists who can deal with the physical destruction of storage devices. Of course, there is nothing stopping you from doing it at your own way. In the case of “home users”, if there is no such need, it would be good to consider any of “soft solutions” mentioned above. The appropriate software should effectively discourage amateurs off someone else’s data.
All trademarks mentioned belong to their owners, third party brands, product names, trade names, corporate names and company names mentioned may be trademarks of their respective owners or registered trademarks of other companies and are used for purposes of explanation and to the owner’s benefit, without implying a violation of copyright law.