Weapons of mass data destruction

What's the best way of securely disposing of your enterprise's sensitive data? Davey Winder investigates...

Whether you opt for in-house or outsourced disposal, you should by now have realised that it really is imperative that procedures for the secure disposal of data, including the hardware upon which that data may reside, are included as part of your enterprise information security policy.

This cannot be overstated, and that policy should form the basis for all data erasure and hardware disposal procedures. It is also essential, as nicely highlighted by the NHS Surrey case we previously mentioned, that data erasure and hardware destruction are not treated in isolation.

If the company doing the disposal had followed a documented process of logging actions as they were performed, and had first erased the data and then destroyed the hardware, that Trust would have been £200,000 better off.

While it is a given that combining secure data erasure with physical destruction of the drive is going to provide the most reliable method of permanently disposing of data, we cannot state categorically that this is the most sensible option for everyone.

Common sense must prevail. While all data may be equal when it comes down to bits and bytes, when it comes to value some data is more equal than others. It is essential, therefore, that any data disposal policy includes a method of classifying data and categorising it in terms of confidentiality and value.

Government bodies use a system of Impact Levels that classify data as being from IL1 through to IL5, and the disposal methodology varies according to the classification it bears. This may sound a little secret squirrel for your average company, but the principle is perfectly logical.

There is no point hiring a van with an industrial shredder on the back (yes, they do exist) that will all but disintegrate any drives thrown through it if the data involved could be safely degaussed or overwritten to prevent it being read when the drive is reused.

The cost efficiency side of data destruction shouldn't be overlooked either. If your data can safely be erased without a regulatory requirement for the drive it was sitting on to be vaporised, then it makes sense not to destroy it.

After all, a computer with a functioning hard drive has a greater resale value on the second-hand market if you take that route with old equipment, and a functioning drive can often be repurposed within the business as well.

Finally, ensure your data disposal policy is kept up to date and covers all bases. By that we mean an end-of-life policy must consider all methods of data storage from desktop and LAN drives through removable media, mobile devices and the cloud. The latter will, of course, open up a whole new can of regulatory and practical worms, but that's an IT Pro story for another day.
