|
 |
|
General Information
|
Add To My Personal Library |
November 21, 2008
• Vol.30 Issue 47
Page(s) 26 in print issue
|
Calling In The Pros
Finding A Vendor To Securely & Reliably Dispose Of Data & Drives Is Vital To SMEs
|
Jump to first occurrence of: [DMD SYSTEMS RECOVERY]
There are huge risks associated with the loss of data that can occur if an improperly wiped hard drive gets into the wrong hands. Like a bank vault filled with cash, an enterprise’s data can be worth a lot to data thieves seeking to steal personal information for illicit purposes or corporate spies who want to gather intelligence about your enterprise’s operations.
“The risk is the leak of sensitive data to persons outside the organization. In theory, criminals could actively seek out old media,” says Paul Wood, a senior analyst for MessageLabs (www.messagelabs.com). “There is a lot of information that can leak, and the risks vary depending on the type of data and the organization at fault. Common threats include identity theft, such as taking control of a victim’s bank account or credit cards by sending fake change-of-contact details, or the use of someone else’s ID to apply for spurious IDs such as passports and driving licenses.”
So when it comes time to add a new RAID configuration, replace a server, or dispose of user workstations and you need to remove hard drives that are packed with sensitive data, who should an admin turn to? Here are some tips to help you make sure the job is done in a safe and secure manner.
 Establish Your Criteria
Finding a vendor that you can count on to safely and securely dispose of your hard drive is not something to be taken lightly. There are many vendors out there that will gladly pick up your media, yet it is often difficult to find one on which you can truly rely. However, you can narrow your search down to a few vendors by ensuring that they meet a set of specific criteria.
“Look for a company that has adequate hardware and software to use for destruction purposes,” says Cliffie McKay, director of operations for DMD Systems Recovery (877/777-0651; www.dmdsystems.com). “Look for a company that has a history of performing data destruction for other companies and that can provide adequate documentation, such as a Certificate of Destruction and a list of destroyed serial numbers.”
Environmental Factors
Once you find a firm that meets your general criteria, your next concern should be about the firm’s environmental practices. Whether you need to comply with regulatory issues or you have ethical concerns and want to ensure that the media is disposed of in an environmentally friendly way, there are firms that take special care to make sure that hard drives and other electronics equipment do not end up in a landfill.
“We have found companies that will run the devices through a sanitization process to clear the data, crush the devices, extract the metal pieces, and recycle the metal, keeping potentially harmful metals out of landfills,” says Michael Petrino, vice president of PTS Data Center Solutions (www.ptsdcs.com). “This is occasionally called e-recycling. When considering a corporate environmental policy, this initiative is a greener approach [than] filling landfills with more e-waste.”
Moreover, laws and regulations mandating how electronics are disposed of are becoming stricter, which means your firm could potentially be liable if hard drives are improperly disposed of. The firm you choose should document that its processes meet regulations, which should also be checked over by legal counsel.
“[The service] requires having a specific business process for the handling of old devices that is usually part of a larger goal of compliance to HIPAA, DoD, or [Sarbox],” Petrino says.
Keep Tabs On Data & Equipment
Firms that dispose of your hard drives should carefully label and track where your media is at any given time once it is removed from your enterprise. However, documenting and tracking disk media should begin as soon as it is removed from a PC or workstation, long before it is taken offsite. A scenario to avoid, for example, is for hard drives to become lost or stolen while they are still at the enterprise.
“You need a complete ‘chain of custody,’ just like evidence in a crime, to guarantee data disposal,” says Randy Murray, vice president of marketing and operations at Horizon Datacom Solutions (www.horizondatacom.com). “Even moving them around inside your organization is a risk.”
Do It Yourself
Maybe your enterprise’s policy does not allow storage disks with company data to be taken out of the enterprise, so you must thus delete the data onsite. Or perhaps you want to make sure that the job is done right by doing it yourself. Taking a hammer to the drives can pose environmental and safety issues for workers, so one option is to rent a degaussing system for use onsite. Buying a system can easily cost more than $20,000, but it is possible to rent a system for just a few hundred dollars a day, depending on your data center’s location and the amount of drives that must be treated, says Peter Ruzich, vice president of sales and marketing for Global Computer Pro (www.globalcomputerpro.com).
“We have customers that aren’t allowed to take their disks offsite, so they rent [a degaussing system] to save the costs of buying one,” Ruzich says. 
by Bruce Gain
Bonus Tips
Read the menu. When you choose a vendor, it is necessary to find out which methods it uses and decide which solution best meets your needs. One of the following services should be provided to make sure data is properly deleted: degaussing or shredding the media to ensure that the data is destroyed or using software that meets the applicable regulatory compliance requirements to wipe disks clean.
Call references. Many employers often fail to call and check employee references before making a hire. Similarly, IT managers often fail to check the references of vendors that are under consideration for the safe and secure removal of your enterprise’s hard drives. Three or four phone calls and a few minutes of your time are all it takes, and any vendor worth checking out should be happy to provide references. |
Best Tip: Thoroughly Vet Your Vendor
You have done your due diligence, and everything about the vendor you choose checks out. But have you seen for yourself what the vendor actually does when disposing of its customers’ hard drives? The best thing that can be done as a final step is to go to the vendor’s location and witness what goes on in person.
“IT administrators should not be afraid to ask their contractor[s] for a tour of the facility and examples of media that is destroyed while they are watching,” says Cliffie McKay, director of operations for DMD Systems Recovery (877/777-0651; www.dmdsystems.com). “They should be very weary of any company that will not allow them to watch their process.” |
Best Return On Investment: Wipe Data Without Destroying Drives
The complete destruction of hard drives may guarantee that no one can steal your data, but an alternative solution allows for the drive to be reused after the data has been permanently deleted. Software solutions exist that vendors say truly wipe disks clean, while giving you the added bonus of recovering the disk for further use. Alternatives also exist that meet U.S. Department of Defense 5220.22-M standards and are HIPAA and GLBA compliant, says Peter Ruzich, vice president of sales and marketing for Global Computer Pro (www.globalcomputerpro.com). At a minimum, a software solution can allow you to recoup your investment in hard drives that would have otherwise been destroyed if you had not used a software solution. |
|
|
