Weapons of mass data destruction

What's the best way of securely disposing of your enterprise's sensitive data? Davey Winder investigates...

Whether you opt for in-house or outsourced disposal, you should by now have realised it really is imperative procedures for the secure disposal of data, including the hardware upon which that data may reside, are included as part of your enterprise information security policy.

 This cannot be overstated, and that policy should form the base for all data erasure and hardware disposal procedures. It is also essential, as nicely highlighted by the NHS Surrey case we previously mentioned, that data erasure and hardware destruction are not treated in isolation.

Advertisement - Article continues below

If the company doing the disposal had followed a documented process of logging actions as they were performed,  and had first erased the data and then destroyed the hardware, that Trust would have been 200,000 better off.

 While it is a given that implementing a method of secure data erasure and physical destruction of the drive in combination is going to provide the most reliable method of permanently disposing of data, we cannot state categorically that this is the most sensible option for everyone.

It is essential, therefore, that any data disposal policy includes a method of classifying data and categorising it in terms of confidentiality and value.

Common sense must prevail.  While all data may be equal when it comes down to bits and bytes, when it comes to data value, then some is more equal than others. It is essential, therefore, that any data disposal policy includes a method of classifying data and categorising it in terms of confidentiality and value.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Government bodies use a system of Impact Levels that classify data as being from IL1 through to IL5, and the disposal methodology varies according to the classification it bears. This may sound a little secret squirrel for your average company, but the principle is perfectly logical.

There is no point hiring a van with an industrial shredder on the back (yes, they do exist) that will all but disintegrate any drives thrown through it if the data involved could be safely degaussed or overwritten to prevent it being read when the drive is reused.

The cost efficiency side of data destruction shouldn't be overlooked either. If your data can safely be erased without a regulatory requirement for the drive it was sitting on to be vaporised, then it makes sense not to destroy it.

After all, a computer with a functioning hard drive has a greater resale value on the second hand market if you take that route with old equipment, and a functioning drive can often be repurposed within the business as well.

Advertisement - Article continues below

Finally, ensure your data disposal policy is kept up to date and covers all bases. By that we mean an end-of-life policy must consider all methods of data storage from desktop and LAN drives through removable media, mobile devices and the cloud. The latter will, of course, open up a whole new can of regulatory and practical worms, but that's an IT Pro story for another day.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020