Security Corner

Apr 24 2010   1:16AM GMT

Brute Force Data Destruction



Posted by: Ken Harthun
Tags:
Data destruction
Data sanitization
Security

What do you do when a long-time client, a non-profit organization subject to HIPAA regulations, has been stockpiling old hard drives until they can afford the cost of shredding them? Professional data destruction services charge anywhere from $10 to $25 or more per hard drive in addition to the pick-up fee. Here’s a video that shows a hard drive shredder (scroll down to the middle of the page). My client was looking at almost $1200 and just couldn’t seem to find room in the budget. They needed a viable–and cheap–solution.

The least expensive option would have been to train a staff member on how to use an old PC to hook up the drives and run the HDDerase utility. (See How to Quickly & Securely Erase a Hard Drive.) For various reasons, the client wasn’t in favor of this; they wanted someone “in the know” to do it.

After determining that there was little likelihood of any truly sensitive data sitting on those hard drives, I suggested a brute force approach: Physically damage the drives, then take them to a community recycling center and dispose of them. The total cost of this approach would be around $100. The client agreed.

The photo above shows the result of 3-4 sharp blows with the root-cutter end of a cutter mattock applied to the platter end of the hard drive case. The photo below shows the resulting damage to the platters.

You could argue that this isn’t enough destruction to meet regulatory security standards and you would be right. My rebuttal would be this: 1. There probably isn’t anything of value on those drives; 2. The cost of trying to recover anything on those drives would be prohibitive; and, 3. Where they’re going tomorrow, no one will know who owned those drives and wouldn’t care anyway if they did. Bottom line: The drives will be shredded and recycled as originally planned at a fraction of the cost.

Sometimes, it just takes a little common sense to deal with these issues.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: