Shred Only or Not? – Business Issues around Data Destruction and a Shred Only Policy

By Sean Giffen & Leigh Kimmelman

Let’s face it: data breaches can be very costly, and drive shredding is a proven technique for data destruction. Whether or not this is the ideal solution depends on numerous factors, including data erasure technology, environmental impact and the value of the drives being shredded.

Risk Mitigation

When it comes to data destruction, the real fear is about data breaches. They can be very costly. Many organizations take the path of least resistance and use a “shred only” policy. While this may remove any chance of a data breach, there can be a significant financial impact in that these shredded drives can no longer be reused. When you are shredding thousands of drives annually, you are also throwing away any value each of those drives may have.

Physical destruction of failed or retired drives is not necessarily the guaranteed way to avoid a data breach. Areas of concern still exist, such as: Who is handling the physical destruction? Are the drives truly being stored securely prior to data destruction? Is secure shipment (if done offsite) really secured? Are the disk platters and/or NAND flash chips (SSDs) being shredded to the specified size? In a nutshell, any physical handling poses risk. The safer alternative might be to find a data sanitization solution that can be used onsite and provides forensic-level data sanitization along with a certificate of sanitization.

Figure 1 shows examples of the cost of data breaches that were the result of asset mishandling. This information is being offered only as confirmation that data breaches are very costly, and even with what are perceived to be secured handling procedures, security threats and losses can still happen.

Shred Only Impact

Drive shredding has a hidden downside: a negative environmental impact. Yes, the majority of IT asset disposition (ITAD) providers practice responsible recycling (i.e., a zero landfill policy in which everything is returned to the manufacturing stream), but the energy use and resource component associated with drive shredding cannot be overlooked. When drives are shredded and then brought into the recycling process, the energy expended to shred the drives, transport the scrap to processing facilities, extract the raw materials from the scrap, and then transport those raw materials to manufacturers is significant. Sanitizing the data, refurbishing the drives and then reusing or remarketing them is much more efficient. This process uses less energy and places your organization in a better eco-position.

SERI, the non-profit organization that serves as the new home of the R2 Standard, states: “Reuse is widely recognized as the most environmentally beneficial form of recycling. Repairing and reusing electronics extends the useful life of products and keeps them out of the waste stream. It also recovers more value per unit than any other form of materials management. Not only that, reusing electronics devices reduces the need to manufacture new units, and makes affordable electronics more accessible to a wider range of consumers.”

In-House or Secure Ship

When it comes time to retire computer drives, there is one very important business question that needs to be addressed: Should you process (data sanitize or destroy) those drives at your facility or use a secure shipping organization to transport your IT assets offsite to a secure processing facility? Even with a secure shipper, there are risks associated with secure shipping and having those assets out of your control. Consider the resources (people) at both the shipping and receiving docks: Have they had background checks? And even if they have, you never know what might occur when those drives are outside of your environment. There is also the unknown that could occur during transport. Let’s say the truck arrives at the processing facility and the security seal on the truck is broken. You know something happened, but have little or no insight into the circumstances.

Data Sanitization Software

There are two main computer drive technologies found in data centers and IT enterprise systems today: hard disk drives and solid state drives. These technologies are very different and data sanitization software will specifically state its ability to sanitize either or both of these technologies. The important take-away here is that there are solutions available for data sanitization on both types of drives and you should only use products that offer a Certificate of Sanitization (CoS) after a drive has been successfully processed.

Data sanitization software can be applied to loose drives or on drives when they are still mounted in racks. The obvious advantage of in-rack data sanitization is found with less operator intervention and therefore a reduced chance for error. A secondary advantage of in-rack data sanitization is speed. With the ability to plug directly into a rack and sanitize every drive, the amount of time and required resources is greatly reduced.

Computer Drive Types

To truly understand the business implications around shredding or sanitizing computer drives, we first need to make the distinction between hard disk drives and solid state drives.

Hard Disk Drives (HDDs): Hard disk drives are magnetic media. The read and write mechanism relies on individual locations (addresses) holding a charge, digitally represented by either a “0” or a “1.” At all times, every address inside the drive can be made available for a read or a write operation. With older HDD technology, a multiple pass write operation was required to replace (destroy) all the data on that drive. This was due to inaccuracies in placement when the writing head was accessing physical locations on that drive. Contemporary HDDs have significantly greater address location accuracy, so a single write pass will fully delete (overwrite) any data on that disk.

Solid State Drives (SSDs): Solid state drives are not magnetic media. They are composed of multiple computer (NAND flash) chips. Inside each NAND chip, individual transistors hold the “0” or “1” that represents the digital data. Because SSDs are so much more expensive (and also much faster) than HDDs, any technique that will extend their life is highly desired.

Each transistor on each NAND flash chip inside the drive is limited by a finite number of data write cycles. When this number is reached, the NAND flash chip no longer functions correctly. As a mechanism for extending the life of SSDs, individual drives are over-provisioned with memory space, and by using complex algorithms to move individual blocks of transistors in and out of use, the life of an SSD can be extended. The mechanism employed to rotate these available memory blocks is termed “wear leveling.”

Data Destruction and Value Recovery

Hard Disk Drives: With HDDs, there are three (3) options available for data destruction. These are degaussing, drive destruction, and data sanitization. Both drive destruction and degaussing are “no turning back” processes, leaving the drive with no recoverable value other than as scrap. Data sanitization software for HDDs is a time-proven and verifiable solution. These software products can forensically remove all the data from HDDs and still leave the drive intact, ready for refurbishing and reuse.

When you consider that many companies have thousands of drives in multiple locations, and these drives are given a predetermined replenishment cycle, thousands of drives are being replaced with newer technology on a regular basis. Many of these retired drives are still healthy enough for reuse. The act of physical destruction and/or degaussing drives for data security purposes results in hundreds of thousands (if not millions) of dollars being regularly lost for the individual company.

Solid State Drives: SSDs are not magnetic media and degaussing is therefore not an option. There are only two (2) techniques available to businesses for comprehensive data destruction on SSDs. Drives can be destroyed or they can be sanitized. The drive destruction scenario is obviously less eco-friendly and there is still some potential for a data breach. Issues that need to be confirmed with drive destruction are particle size post-shredding and, in the case of “punching” each NAND chip, making sure you have conformed to documented spacing requirements. Also, as stated earlier, SSDs cost a lot more than HDDs, so on a per-drive basis, SSD destruction is far more costly.

The wear leveling algorithms referenced earlier in this article are responsible for many challenges associated with forensic-level data sanitization on SSDs. This, in conjunction with a current lack of standards (manufacturer uniqueness with regard to how erasure commands are implemented by the firmware), means there is no one set of circumstances that will forensically sanitize any manufacturer’s drive. Each SSD manufacturer requires a specific set of procedures, so this must be taken into account by the data sanitization software vendor. Knowing this, the data sanitization software vendors must work with the manufacturers to make sure their products are effective at comprehensive data destruction on their drives. For the record, there are solutions available today that do provide forensic-grade data sanitization on SSDs.
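
The effect of wear leveling on sanitization can be seen in a toy model. This is an added example, not code from the article or from any drive vendor; the `ToySSD` class, its block counts and the `controller_erase` method are hypothetical simplifications. It shows that a host-side overwrite of every logical address can leave original data in unmapped physical blocks, while an erase carried out by the controller reaches all of them.

```python
# Toy flash translation layer: a constructed model, not any manufacturer's firmware.
class ToySSD:
    def __init__(self, logical_blocks, spare_blocks):
        total = logical_blocks + spare_blocks   # over-provisioned capacity
        self.nand = [None] * total              # raw physical block contents
        self.erases = [0] * total               # per-block erase counter
        self.free = list(range(total))          # erased, ready-to-write blocks
        self.map = {}                           # logical address -> physical block

    def _collect(self):
        # Erase blocks that are neither mapped nor already free (stale data).
        live = set(self.map.values())
        for b in range(len(self.nand)):
            if b not in live and b not in self.free:
                self.nand[b] = None
                self.erases[b] += 1
                self.free.append(b)

    def write(self, lba, data):
        if not self.free:
            self._collect()
        # Wear leveling: always write to the least-worn free block.
        target = min(self.free, key=lambda b: self.erases[b])
        self.free.remove(target)
        self.nand[target] = data
        self.map[lba] = target                  # old block is unmapped, NOT erased

    def read(self, lba):
        return self.nand[self.map[lba]]

    def residual(self):  # data still in NAND outside the live mapping
        live = set(self.map.values())
        return [d for b, d in enumerate(self.nand) if d is not None and b not in live]

    def controller_erase(self):  # hypothetical firmware-level erase of every block
        self.nand = [None] * len(self.nand)
        self.free, self.map = list(range(len(self.nand))), {}

def demo():
    ssd = ToySSD(logical_blocks=4, spare_blocks=2)
    for lba in range(4):
        ssd.write(lba, f"secret-{lba}".encode())  # constructed sample data
    for lba in range(4):
        ssd.write(lba, b"\x00")                   # host-side single-pass overwrite
    host_view = [ssd.read(lba) for lba in range(4)]
    leftover = ssd.residual()
    ssd.controller_erase()
    return host_view, leftover, ssd.residual()
```

In this model the host reads back zeros from every address after the overwrite, yet two of the four original blocks remain in physical flash until the controller-level erase runs.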

Failed Solid State Drives: SSD technology is much newer than HDD technology. As an extension of this statement, many SSDs have not yet reached their retirement age. As of this writing, the vast majority of SSDs that require data destruction are failed drives that could be returned to the manufacturer as part of their return merchandise authorization (RMA) program. With the ability to forensically sanitize SSDs, the door is now open to destroy all data and data fragments on the drive and then return that drive to the manufacturer for credit.

Conclusions

While drive destruction (or drive degaussing in the case of HDDs) can eliminate the risk of a data breach, from a business perspective, the ecological and financial implications of these processes are significant. It is acknowledged that not all drives will be healthy enough for refurbishing and reuse, and that these drives should be destroyed. Simple testing can easily determine whether a particular drive is healthy. Reallocating your used drives will save you money, and remarketing the used drives creates a (new) revenue stream from your existing investments.

Data sanitization for hard disk drives and solid state drives is a reality. Technology has advanced to where SSDs can be forensically sanitized, thus allowing failed drives to be returned to the manufacturer as part of their RMA program or put back into the spares pool. In the case of hard disk drives, verifiable forensic-level data sanitization techniques have been around for many years.

The most effective path for risk mitigation lies in data sanitization as opposed to drive destruction. There are ecological advantages to this along with the financial benefits. Taking this a step further, in-rack data sanitization requires the least operator interaction and therefore minimizes the opportunity for handling errors.

It is always best to perform data destruction procedures while drives are still in your full control. Even with secure shipping, incidents can happen that could expose your data to the potential for a breach.

About the Author

Leigh Kimmelman is the Marketing Manager for ITRenew.