Five best Practices for Data Sanitization – Tips Learned from our Customers

By Samuel Peery

One of the rewarding parts of working with world-class customers is helping them establish best-in-class processes for their end of life IT assets. Even more inspiring is watching them surprise us as they improve and expand those processes in unexpected ways. Here is a brief overview of some of these process and principles we’ve learned over the years.

1: In Most Cases, One Wipe is Enough

One of the most common misconceptions is that multiple-pass wipe patterns are necessary or more secure. In the majority of cases that’s simply not the case. Years ago when data density on drives was low, it was sometimes possible using an electron microscope to view what are called “bit shadows” on a drive even after it was overwritten. These bit shadows could allow you to see what bits were there previously. With today’s hard disk technology, data density is so high that these bit shadows are no longer a concern and with a single wipe pass you wouldn’t be able to determine the previous data, even with laboratory equipment.

So when are multiple passes still necessary? Many companies and particularly government organizations require multiple passes, typically the DoD 5220-22M 3-pass wipe pattern. In such cases, it’s really a matter of policy rather than security. Even though those policies may be outdated and based on older technology, they still have to comply. The “better safe than sorry” rule also applies in such cases for security-sensitive organization.

2: Logging Tips

At this point it’s common knowledge in the ITAM industry that logging is an absolute must when sanitizing data. From a legal or regulatory standpoint, if it isn’t logged, you didn’t do it. Here are a few tips to make the most of your logging and improve your efficiency.

First, utilize reporting capabilities as a failsafe to monitor your processes. Most large organizations log to an internal database, but you can also utilize software capabilities such as emailing reports to managers. This can help you keep tabs on a large job or give you a second set of eyes just in case something goes wrong.

Second, utilize custom fields. Adding a few custom fields like the technician’s name, the department or company the devices are from, a pallet or batch number, and location can make your logs much more rich and robust in tracking down problems or reviewing status.

Third, automate data fields. Top-tier software allows you to custom configure the wiping process to auto-populate data fields. This keeps you from having to enter in values for every computer or drive. Sometimes this is unavoidable since information is unique, but if you can automate it those seconds saved spread across hundreds or thousands of units can equal real dollars in savings.

Fourth, one of our favorite practices was utilized by one of our remarketer clients. They would run system specification data using the wiping software and have it populate to their database before starting the wiping process. By piping this data early, downstream departments, such as the audit and e-commerce departments, were able to utilize it for their functions while the machines were still wiping. For example, they could post the machine for sale online before the wipe had even completed.

3: Use the Right Deployment Method

You’d be surprised at how many companies are unaware of the multiple deployment methods available using top-tier software. They’re making their job so much harder. The two most useful deployment methods are PXE server and remote wiping. Rather than running wiping software on one machine at a time, you can use a PXE server to wipe literally hundreds of machines simultaneously. A PXE server can be just a regular computer or laptop that is connected to a switch which then connects to the client computers you’re wiping. Most corporate computers are set to first boot from a PXE network if one is available. This means when you plug the computer into the switch and turn it on, it will automatically receive instructions from the wiping software and begin the erasure process. You don’t even have to have a monitor or keyboard. Once the machine is done wiping, which you can see on the server, you unplug that computer and plug the next one in. One client was able to wipe hundreds of computers in one day with one technician using this method.

Another often overlooked option is remote wiping. This is an obvious choice, or rather need, for organizations with remote or branch locations, but it should also be considered for use within corporate headquarters. By remote wiping you can substantially speed up the wiping process when a machine is retired thereby ensuring better data security. For large corporate headquarters it’s much more efficient to have a tech remote in than to trek across campus.

4: Wipe Early to Increase Security

We just mentioned that remote wiping can help you wipe your data earlier in the retirement process, but we want to underscore how important this can be. It is common for us to talk to companies that let their old computers and drives sit in a back room for three years or more. The whole time those computers are waiting to be processed, data is at risk. Anyone with access to the storage location could potentially compromise your data. In fact, sometimes this happens quite innocently when an employee thinks to himself, “The company is just going to throw these away so I’ll take one home for personal use.”

By wiping computers immediately upon retiring them, they can sit in the back room as long as you want and you face no additional risk. As we like to say, “Remove the data, remove the risk.”

5: The Latest on SSDs

Many of our customers have had concerns about SSDs over the last few years and for good reason. Many manufacturers had not properly implemented the commands allowing access to the whole drive. Running these commands would miss reallocated sectors found in a swap-portion of the drive used for load balancing.

While there are still some older drives with this problem, new SSDs solve this problem in three ways. First, most new drives properly implement the erasure commands and allow access to the full drive space. Second, many SSDs are self-encrypting, allowing wiping software to perform a so-called crypto erase by removing the encryption key and rendering the data unreadable. Third, the only way to remove data from an SSD is to physically remove the memory chips from the board and place them on a separate controller. Newer drives use dissolving solder on their chips so the pins are destroyed upon removing the chip.  This makes it extremely difficult to read any data from that chip and is a sufficient security measure for all but the most classified data. The bottom line is, with most newer SSDs, you have nothing to worry about.

Of course, there are still many older SSDs out there, so how do you handle them? One option is physical destruction but SSDs retain their resale value so well that’s like throwing money down the drain. Even if you do physically destroy SSDs you have to be sure to use the right equipment as some shredders allow SSD chips to pass through unharmed. The good news is that top-tier wiping software has ways around this problem. First, using the right software you can remove freeze locks to access some protected parts of an SSD. Second, by wiping an SSD seven or more times you can ensure most if not all of the swap sector is erased because each time you wipe, more the swap data will be moved into the accessible portion of the drive. Wiping an SSD seven times may seem extreme, but SSDs wipe very quickly and the assurance of additional security is usually worth it.

When addressing SSDs, most of our customers evaluate the level of risk their data poses and choose a sanitization path that matches. This may mean both data erasure followed by physical destruction for high-security military organizations, but for the majority of organizations using the right software and wiping multiple times provides such a high degree of assurance that they’re comfortable with that risk profile.

Conclusion

While data sanitization can often be an afterthought in the ITAD process, there are many efficiencies that can be gained and improvements in security made by implementing a few small changes. We hope these tips will help you improve your process.

About the Author

Samuel Peery is the Director of Marketing for WhiteCanyon Software.