Weapons of mass data destruction

What's the best way of securely disposing of your enterprise's sensitive data? Davey Winder investigates...

Whether you opt for in-house or outsourced disposal, you should by now have realised it really is imperative procedures for the secure disposal of data, including the hardware upon which that data may reside, are included as part of your enterprise information security policy.

 This cannot be overstated, and that policy should form the base for all data erasure and hardware disposal procedures. It is also essential, as nicely highlighted by the NHS Surrey case we previously mentioned, that data erasure and hardware destruction are not treated in isolation.

If the company doing the disposal had followed a documented process of logging actions as they were performed,  and had first erased the data and then destroyed the hardware, that Trust would have been 200,000 better off.

 While it is a given that implementing a method of secure data erasure and physical destruction of the drive in combination is going to provide the most reliable method of permanently disposing of data, we cannot state categorically that this is the most sensible option for everyone.

It is essential, therefore, that any data disposal policy includes a method of classifying data and categorising it in terms of confidentiality and value.

Common sense must prevail.  While all data may be equal when it comes down to bits and bytes, when it comes to data value, then some is more equal than others. It is essential, therefore, that any data disposal policy includes a method of classifying data and categorising it in terms of confidentiality and value.

Government bodies use a system of Impact Levels that classify data as being from IL1 through to IL5, and the disposal methodology varies according to the classification it bears. This may sound a little secret squirrel for your average company, but the principle is perfectly logical.

There is no point hiring a van with an industrial shredder on the back (yes, they do exist) that will all but disintegrate any drives thrown through it if the data involved could be safely degaussed or overwritten to prevent it being read when the drive is reused.

The cost efficiency side of data destruction shouldn't be overlooked either. If your data can safely be erased without a regulatory requirement for the drive it was sitting on to be vaporised, then it makes sense not to destroy it.

After all, a computer with a functioning hard drive has a greater resale value on the second hand market if you take that route with old equipment, and a functioning drive can often be repurposed within the business as well.

Finally, ensure your data disposal policy is kept up to date and covers all bases. By that we mean an end-of-life policy must consider all methods of data storage from desktop and LAN drives through removable media, mobile devices and the cloud. The latter will, of course, open up a whole new can of regulatory and practical worms, but that's an IT Pro story for another day.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

NHS adopts predictive AI tech from controversial startup
public sector

NHS adopts predictive AI tech from controversial startup

26 Apr 2021
NHS to digitise coronavirus testing with new Scandit deal
digital transformation

NHS to digitise coronavirus testing with new Scandit deal

8 Apr 2021
Gov 'forced into major U-turn' on NHS deal with Palantir, privacy group claims
Policy & legislation

Gov 'forced into major U-turn' on NHS deal with Palantir, privacy group claims

1 Apr 2021
Hancock reveals digital future of NHS
digital transformation

Hancock reveals digital future of NHS

18 Mar 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021