If I had a hammer...
Working in the technology industry is a daily geekfest. Personally, I love learning about the next generation of software architecture, network intelligence and server virtualization. Yet in spite of the fact that our industry persistently challenges the laws of physics, sometimes it comes face to face with basic obstacles.
I saw this when I worked at a fly-by-night telecom start-up where we pitched high-speed private optical networking services. It was cutting-edge stuff until we realized that dark fiber is far from ubiquitous. More often than not, laying fiber involves digging ditches, getting permits, dealing with unions, and spooling wires up the sides of buildings. In this world, you'll be more successful working with guys from Brooklyn than engineers from MIT.
Data destruction is another area where high- and low-tech collide. There are, of course, several software programs listed in documents such as the National Industrial Security Program Operating Manual that specify how to overwrite a disk with loads of patterns of 1s and 0s. As if that weren't enough, there is a supporting process called degaussing in which a specialized device de-magnetizes a disk and thus erases all its data. The U.S. General Services Administration maintains a list of approved degaussers.
All of these data destruction techniques come together in the Department of Defense standard DoD 5220.22-M. This standard with the catchy name makes magnetic media "forensically unrecoverable." A bunch of companies are certified to provide DoD 5220.22-M services. You pay them; they do a couple of passes on your drives and then certify compliance. Wham, bam, thank you, Uncle Sam.
At the same time, lots of private sector companies use far less sophisticated techniques. Some use sledgehammers to bend the drives and pliers to rip apart the electronics. Others use drills to turn hard drives into Swiss cheese.
Want a little more pizzazz? You can also purchase disk drive "crushers" at the RSA Security Conference. These devices turn magnetic drives into toxic dust before your eyes.
As for certification, compliance and standards, the brute-force data destruction processes aren't closely managed or audited and there are certainly no log files associated with a 20-pound sledgehammer.
But next time your company needs to delete data, I propose going the sledgehammer route.
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.





hammer" ... the mere comment around any HAL unit tends to un-crash systems, fix printing issues, re-connect network devices and have other desired results. And, yes, sledge hammers are great. Just wish I had access to a pile driver once in a while. KerPlunk!
then every problem looks like -- a disk drive?
For me it's all about practicality.
I mean, who goes around dumpster diving for potentially salvageable hard disks? There are much easier ways to steal sensitive data.
Dysfunction + destruction = dystruction + desfunction?
Where's my resolver?
- We use the 30.06 method
  by lynxss, May 8, 2007 11:44 AM PDT
  I look forward to when we get 4 or 5 failed hard drives stacked up we need to get rid of. It means an afternoon of much-needed stress release! Throw the drives in the back of the car and head out to the rifle range with a few work buddies. Nothing quite completely destroys a disk like a 50 cal muzzleloader.