The recent discovery of a computer on eBay with data on a U.S. missile system underscores the importance of securing data when it is time to retire and dispose of a machine. Enterprises need to have proper plans and oversight in place to protect their information.
When reports surfaced that data on a U.S. missile system was found on a computer auctioned on eBay, enterprises were provided another example of what happens when they fail to securely manage data at the end of its life.
In this case, the consequences were nil, as the computer in question was purchased as part of a research project and has been turned over to the FBI. Still, the situation underscores the importance of having policies in place to protect data that extend all the way to the "death" of an organization's machines.
Most companies have trouble with data destruction because the task of hardware provisioning and inventory control is delegated to less-experienced IT staffers who have not been trained and do not understand the importance of destroying old data on these machines, said John Kindervag, an analyst with Forrester Research. Also, it often takes hardware such as degaussers or data wipe software that may be expensive or take time that the enterprise doesn't allocate to the process.
In the case of the missile data, the information was for a U.S. Army project designed by Lockheed Martin known as the Terminal High Altitude Area Defense (THAAD). The computer was purchased as part of research by the University of Glamorgan in the United Kingdom, Edith Cowan University in Australia and Longwood University in the United States. The survey, commissioned by BT, found that more than a third of the 300-plus hard disks it examined contained data that could be tied to an individual or commercial organization.
Solving this problem involves developing a PC disposal process that stretches from budgeting to the actual wiping of machines. Organizations need a policy that will provide a chain of custody from the moment a machine is removed from service until it is actually disposed of, Gartner analyst Frances O'Brien noted in a report on the issue.
Before disposing of a device, enterprises should scan it for data discovery, O'Brien wrote. There should also be thought given to whether or not a machine can be reused internally or sold as well as to whether software on the machine can be redeployed (if allowable by license) before the device is sanitized, the report continued.
And sanitized the machine should be, not simply cleared.
Clearing data removes information from hard drives in a manner that renders it unreadable unless special utility software or techniques [are used]; it doesn't permanently delete the data, it just makes the computer 'forget' about the data, O'Brien wrote. Sanitization is the process of removing sensitive data from media in such a way that it is beyond the reach of all ordinary and most laboratory recovery methods.
For sensitive data, it's best to do it using a disk degausser or seven-way random write algorithm, which some operating systems support either through tools or the command line, noted Forrester analyst Andrew Jaquith. There are also third-party tools that do this as well, he said.
There's also the physical option, he added. A sledgehammer to the memory card or hard disk is quite effective. It's also usually faster and arguably more satisfying.
Another layer of protection can also be found in encryption. Degaussing or physically shredding a drive can be costly, said Seagate's Gianna DaGiau. Overwriting a drive also may be incomplete if it doesn't cover reallocated sectors or is thwarted by drive errors.
Some corporations have concluded the only way to securely retire drives is to keep them in their control, storing them indefinitely, said DaGiau, Seagate's senior manager of enterprise security. This cannot be considered truly secure, as large numbers of drives in close proximity can easily tempt employees and lead to some drives being lost or stolen.
In the end, it all comes down to policy and workflow, opined Forrester's Kindervag. What does an organization do when a decommissioned machine comes into the shop?
If a company creates a proper workflow and provides the training and tools necessary to perform these relatively simple tasks, then their risk of ending up in an embarrassing situation such as the eBay one is greatly diminished, he said.