Your data is your private property. If stolen, it might lead to huge financial and reputational losses for you. In particular, theft of business data might result in loss of business, loss of customers’ trust, and legal action.
Hence, as an individual or organization, it’s critical for you to know the different data destruction methods available. It’s important to know how each of the methods works and which one would be the most suitable in a given case. Let’s dive into it.
Data Destruction Methods
As per the National Institute of Standards and Technology (NIST), data sanitization and destruction methods can broadly be placed into four categories:
- Clear
- Purge
- Degaussing
- Physical Destruction
Clear is a ‘logical’ way of wiping data from storage devices. It’s implemented with overwriting techniques, methods, and tools that use standard Read/Write commands to overwrite data with non-sensitive data (0’s and 1’s).
This can be attained with one write pass or multiple passes of a fixed data value (such as all 0’s) or a more complex value, depending upon the type and sensitivity of the data.
Clear should overwrite all the storage locations on the storage media, including those that record where files are stored (e.g. the File Allocation Table).
For devices that don’t support overwriting, resetting them to factory state (can be done by the manufacturer only) can also be considered as a method under the Clear category.
Disadvantages of Clear:
- Doesn't sanitize damaged devices.
- May not destroy data from unmapped flash-based storage devices such as SSDs and SSSDs.
- Overwriting the flash-based media reduces its lifetime.
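The Clear procedure described above (one or more overwrite passes across every addressable location, then a read-back check) is sketched below as an added example; it is not code from the original article or from any product it mentions. The target is a constructed temporary image file standing in for a device, and the function names and block size are assumptions of this sketch.

```python
import os
import tempfile

BLOCK = 4096  # I/O size for this sketch (assumed; real tools query the device)

def overwrite_pass(path, pattern):
    """One pass over every addressable byte. pattern is a one-byte value, or None for random data."""
    size = os.path.getsize(path)  # valid for an image file; block devices need a seek to the end
    with open(path, "r+b") as dev:
        written = 0
        while written < size:
            n = min(BLOCK, size - written)
            dev.write(os.urandom(n) if pattern is None else pattern * n)
            written += n
        dev.flush()
        os.fsync(dev.fileno())  # push the pass out of the OS cache before verifying
    return written

def verify_pass(path, pattern):
    """Read the whole target back; return offsets of blocks that do not hold the pattern."""
    bad, offset = [], 0
    with open(path, "rb") as dev:
        while chunk := dev.read(BLOCK):
            if chunk != pattern * len(chunk):
                bad.append(offset)
            offset += len(chunk)
    return bad

def clear(path, passes=(None, b"\x00")):
    """Run the passes in order and verify the last one, which must be a fixed value."""
    if passes[-1] is None:
        raise ValueError("final pass must be a fixed value so it can be verified")
    for pattern in passes:
        overwrite_pass(path, pattern)
    # Standard read/write commands only reach addressable locations, so a clean
    # result says nothing about unmapped flash areas (the SSD limitation above).
    return verify_pass(path, passes[-1])

def make_sample_image(size=3 * BLOCK + 100):
    """Constructed sample 'device': a temp file filled with fake records."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write((b"CUSTOMER-RECORD;" * (size // 16 + 1))[:size])
    return path

if __name__ == "__main__":
    img = make_sample_image()
    print("blocks failing verification:", clear(img))
    os.remove(img)
```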
Methods under the Purge category use dedicated, device-specific commands to target and destroy the data by using Overwrite, Block Erase, and Cryptographic Erase techniques.
For instance, the OVERWRITE EXT command is used to overwrite ATA hard drives, and CRYPTO SCRAMBLE EXT to crypto erase them (provided that the drives support the overwrite and cryptographic erase techniques).
Let’s see what block erase and cryptographic erase techniques are:
Block Erase is usually meant to sanitize flash-memory based devices such as SSDs. It uses the BLOCK ERASE command to erase the memory blocks.
Since new data can be written to a flash-memory based block only after it’s erased, block erase is a perfect match. You can Block Erase (if supported) and then rewrite non-sensitive data over these blocks to destroy the actual data.
Cryptographic Erase (CE)
This sanitization technique works for devices that have integrated data encryption and access control capabilities, and are known as Self-Encrypting Drives (SEDs). You can’t turn OFF the encryption feature on such devices.
SEDs encrypt data by using encryption keys which are required to decrypt the data. Cryptographic Erase (CE) destroys this encryption key, making the encrypted data irrecoverable. This makes CE the fastest data destruction technique as it’s just the key that needs to be destroyed.
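The following added example (not from the original article) models why Cryptographic Erase is fast: the stored ciphertext is never touched, only the key is replaced. `ToySED` is a hypothetical class, and its SHAKE-256 keystream is a stand-in for a drive's hardware cipher, not a real SED design.

```python
import hashlib
import os

SECTOR = 512  # sector size assumed for this toy model

class ToySED:
    """Toy self-encrypting drive: data reaches the media only in encrypted form."""

    def __init__(self, sectors):
        self._key = os.urandom(32)                 # encryption key, held inside the drive
        self._media = bytearray(sectors * SECTOR)  # what is physically stored

    def _xor(self, lba, data):
        # Per-sector keystream derived from the key and the sector number (stand-in cipher).
        ks = hashlib.shake_256(self._key + lba.to_bytes(8, "big")).digest(SECTOR)
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, lba, data):
        block = data.ljust(SECTOR, b"\x00")[:SECTOR]
        self._media[lba * SECTOR:(lba + 1) * SECTOR] = self._xor(lba, block)

    def read(self, lba):
        return self._xor(lba, self._media[lba * SECTOR:(lba + 1) * SECTOR])

    def raw_media(self):
        return bytes(self._media)

    def crypto_erase(self):
        """Destroy the key by replacing it; cost does not depend on drive capacity."""
        self._key = os.urandom(32)

def demo():
    drive = ToySED(sectors=4)
    secret = b"constructed sample: payroll 2024"
    drive.write(2, secret)
    before = drive.read(2)[:len(secret)]
    stored = drive.raw_media()
    drive.crypto_erase()
    after = drive.read(2)[:len(secret)]
    return {
        "readable_before": before == secret,
        "plaintext_on_media": secret in stored,
        "media_changed_by_erase": drive.raw_media() != stored,
        "readable_after": after == secret,
    }

if __name__ == "__main__":
    print(demo())
```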
Methods or software tools, such as BitRaser, that incorporate the above-mentioned techniques can be used for media sanitization.
Disadvantages of Purge:
- The device must support the execution of media-specific commands, that is, the Purge techniques.
Degaussing is a technique which uses a degausser—equipment that produces powerful electromagnetic waves—for data sanitization.
Since the data stored on media like hard disks is in the form of a magnetic field, the powerful electromagnetic waves produced by the degaussers can be used to kill this magnetic field, resulting in data destruction.
Degaussing may be considered as a physical destruction technique if it leaves the storage device unusable.
Disadvantages of Degaussing:
- Degaussing can't wipe data from SSDs and other non-magnetic storage devices.
- Existing degaussers may not have sufficient force to effectively degauss evolving magnetic media that have higher coercivity (magnetic force).
Though it has its own advantages and disadvantages, sabotaging the storage media may also be used for data destruction. For instance, physically damaging the platter of a hard drive might make the data unreadable.
To destroy the data by damaging the storage media, you must be able to completely destroy the components that contain data. Merely making the media non-functional wouldn’t help. For example, to use any of the physical destruction methods for sanitizing SSDs, you must be able to grind their hard physical components into particles.
Some of the methods to damage storage media are mentioned below:
- Crushing
- Shredding
- Disintegration
- Melting
- Incineration
Let’s now discuss each of them one by one.
Crushing uses equipment that may have a conical array of metallic teeth. The equipment, with its jaws and teeth, applies extreme pressure on the subjected storage media. Due to this pressure, the storage device gets damaged.
Just as you use shredders to shred paper into uniform shapes and sizes, you can also shred your storage devices. There are specialized media shredders for shredding different types of storage media like Compact Discs (CDs) and Digital Video Discs (DVDs). Shredding turns the media into pieces so that no one can repair it and recover the stored data.
Disintegration is similar to shredding and is usually done after shredding.
It requires disintegrators and grinders that have rotating blades or hammers for disintegration. The storage device is fed into the disintegrators for destruction. The disintegrators generally use a screen to filter out the larger pieces at the output and these are fed back to be broken into even smaller pieces.
Disintegration shreds the storage device into pieces that are non-uniform in shapes and sizes, and are much smaller than those you get by using shredders.
Melting means heating the device to a temperature where it could melt without reaching the flashpoint or getting burnt.
Incineration is the other way of data destruction, which is similar to melting. It uses a furnace to burn the media to ashes.
Disadvantages of Physical Destruction:
- The equipment in use may get damaged. For instance, SSDs are hard and may damage the equipment.
- Media needs to be transported, which exposes the data to the risk of a breach in transit.
- The storage media can't be reused.
- Generates e-waste.
- Media sanitization results can't be verified.
Which Media Sanitization and Data Destruction Method to Choose?
You can choose any data destruction method(s), depending upon the type, capacity and condition of the storage media, the sensitivity of the data, and any other factor that you may think of.
To choose the data destruction method(s), you must consider whether the storage device in question supports and is suitable for the chosen data destruction method.
For instance, you can’t use software on a device that is non-functional or doesn’t support it. Choosing physical destruction method(s) is the only option in such cases.
Similarly, if you want to reuse a working device after data destruction, you’d choose data erasure software and not a physical destruction method.
Given below is a chart that shows a comparison between various data destruction methods/techniques/categories to help you choose a suitable data destruction method:
| Data Erasure Software | Degaussing | Physical Destruction |
|---|---|---|
| Storage media can be reused | Storage media may not be reused | Storage media can’t be reused |
| Less expensive than any other method | Uses degaussers, which are expensive | Different physical destruction techniques use different equipment which are generally costly |
| Minimal human interference | Prone to human errors | Prone to human errors |
| No expertise is required | Expertise is required | Expertise is required |
| Might require a separate license key for every device | One degausser can be used for multiple storage devices | One equipment can be used for multiple storage devices |
| Data sanitization can be done in-house. Media transportation isn’t required. | Might not be possible in-house and needs media to be sent for degaussing exposing the media to the risk of data breach | Might not be possible in-house and needs media to be sent for physical destruction exposing the media to the risk of data breach |
| Works only when the storage device is in working condition | Condition of the storage device doesn’t matter | Condition of the storage device doesn’t matter |
| Eco-friendly | Leaves the environment polluted | Leaves the environment polluted |
| Generates a report that verifies data sanitization results | Data destruction couldn’t be verified | Data destruction couldn’t be verified |
| Issues data destruction certificate | No certificate is issued | No certificate is issued |
| Time-consuming process | Takes less time | Takes less time |
A combination of media sanitization methods and techniques may also be used. For instance, if you want to send your device for physical destruction and avoid the risk of a data breach while the media is in transit, you may first use software like BitRaser® that implements overwrite, block erase, and cryptographic erase as applicable and supported.