Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Ensuring Data Security When It's Time to Retire Computers



 By: Brian Prince
2009-05-11
Article Rating:starstarstarstarstar / 1


There are 3 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The recent discovery of a computer on eBay with data on a U.S. missile system underscores the importance of securing data when it is time to retire and dispose of a machine. Enterprises need to have proper plans and oversight in place to protect their information.

When reports that data on a U.S. missile system was found on a computer auctioned on eBay, enterprises were provided another example of what happens when they fail to securely manage data at the end of its life.

In this case, the consequences were nil, as the computer in question was purchased as part of a research project and has been turned over to the FBI. Still, the situation underscores the importance of having policies in place to protect data that extend all the way to the "death" of an organizations machines.

Most companies have trouble with data destruction because the task of hardware provisioning and inventory control is delegated to less-experienced IT staffers who have not been trained and do not understand the importance of destroying old data on these machines, said John Kindervag, an analyst with Forrester Research. Also, it often takes hardware such as degaussers or data wipe software that may be expensive or take time that the enterprise doesnt allocate to the process.

In the case of the missile data, the information was for a U.S. Army project designed by Lockheed Martin known as the Terminal High Altitude Area Defense (THAAD). It was purchased as part of research by the University of Glamorgan in the United Kingdom, Edith Cowan University in Australia and Longwood University in the United States. The survey, commissioned by BT, found that more than a third of the 300-plus hard disks it examined contained data that could be tied to an individual or commercial organization.

Resource Library:

Solving this problem involves developing a PC disposal process that stretches from budgeting to the actual wiping of machines. Organizations need a policy that will provide a chain of custody from the moment a machine is removed from service until it is actually disposed of, Gartner analyst Frances OBrien noted in a report on the issue.

Before disposing of a device, enterprises should scan it for data discovery, O'Brien wrote. There should also be thought given to whether or not a machine can be reused internally or sold as well as to whether software on the machine can be redeployed (if allowable by license) before the device is sanitized, the report continued.

And sanitized the machine should be not simply cleared.

Clearing data removes information from hard drives in a manner that renders it unreadable unless special utility software or techniquesit doesn't permanently delete the data, it just makes the computer 'forget' about the data, OBrien wrote. Sanitization is the process of removing sensitive data from media in such a way that it is beyond the reach of all ordinary and most laboratory recovery methods.

For sensitive data, it's best to do it using a disk degausser or seven-way random write algorithm, which some operating systems support either through tools or the command line, noted Forrester analyst Andrew Jaquith. There are also third-party tools that do this as well, he said.

There's also the physical option, he added. A sledgehammer to the memory card or hard disk is quite effective. It's also usually faster and arguably more satisfying.

Another layer of protection can also be found in encryption. Deguassing or physically shredding a drive can be costly, said Seagates Gianna DaGiau said. Overwriting a drive also may be incomplete if it doesnt cover reallocated sectors or is thwarted by drive errors.

Some corporations have concluded the only way to securely retire drives is to keep them in their control, storing them indefinitely, said DaGiau, Seagate's senior manager of enterprise security. This cannot be considered truly secure, as large numbers of drives in close proximity can easily tempt employees and lead to some drives being lost or stolen.

In the end, it all comes down to policy and workflow, opined Forresters Kindervag. What does an organization do when a decommissioned machine comes into the shop?

If a company creates a proper workflow and provides the training and tools necessary to perform these relatively simple tasks, then their risk of ending up in an embarrassing situation such as the eBay oneis greatly diminished, he said.






  Reader Comments: Ensuring Data Security When it's Time to Retire Computers
>>> Post your comment now!
Secure Hard Drive Destruction
When it comes to secure data destruction, a growing popular option is to have your hard drive shredded or destroyed physically. <a...
Posted At: 05-21-09
By: Alan
President
The biggest risk of IT asset disposal is employee theft. If an organization does not have proper control, the fox is watching the hen house. When...
Posted At: 05-12-09
By: Kyle Marks
Data-In-Retirement Policies
As John Kindervag at Forrester pointed out... an organization's data retirement policy is key to avoiding data losses when retiring IT assets. As a...
Posted At: 05-11-09
By: Robert Davie
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xr8(ViW1E]RleM[R:EB!)/=w^9q_>M -yvWm[" D;> IM˙k.lJg9[D{{}!GP|gS/92r=z#m)>M3ĩ 5w5Gl&J AT{j xL5uM}ٚ7'x2 X m$8zڀ'jZlZ P8$H.( wm<"a}c $aL n8up;ڀRrLEsrN}~A5y9vtx/ȯ0FD_*QI- Y|/LZ@<'NwjQ2ZF-oZjZAS# T$0yY>E4f‰EUq}BBp4:AGAticšwh4ά@7h`C:ҋ:L ~;ݣn]?'tayXŞ*LQ^i50CGA 6]LR}>tq PhR0<sz7Ln-σ5_ӽk:F?A6xBe^~}̢1O[>=woouG &QsaPBԁ!~~9.b&A/tKt=JIAL"D%  h4AǰEENlbo(w$]I+Tbz"ҶBI}vn KŔ=*%nqR%a 3ʬ$&vϏa[LboD6], S mo3-mu{6 z`ơ'3yjVRTEAzdEW5.Sq r@后3t p#EQÂ[zu|{< Z\愩M*C=@3~ ~f탪Az Bfg*4+dpPsg <`t= Xհ݅2||IjkiSh |kV Spć 9E#rQϚX %<.ƲB"57cښJJ:$,4?gaM8F2b=i%ӻnR/|KԝQ48%'1`sW|]Ө5@di6[ͦE[9(i]jk-T8?![q5o|a׼1F]RZJKPDlPc/X kezdч(U2LF%?7k7CSklQ6qbQ5JȄm<ߪ%M*GV+Wbzg0 g%AqsGNݔ6 [IFbt |ꝸs@kQDsOTnlpH!%6D;~ҧV KxZU501@/ŵAb={3tJ.,]a6tgya98_YTO۫kʞtєүxӫvp ;fkxF3fԱeSPݷMiA̫%eLw6q2,ƸH~6=2eX]2XrǮmw٘Autn\?09CL-,瀛&,Z#gç! c$Dk_(+ `k_.z z>YP? !WܕVR5󀻬3wdlrCJREu x.(J9Aw)` N 2|h<|CX&,\$] DrAa T+c//'7].K i?aE"%ڧs!a*7+ \|;OgjZ(T+1:ѡUT9*Ju ??]ex$? r@0DO?_3ch9{RkJo?Cu:pɥK-˰p)#Z$ c`7. _GkOhB1F} l#d;X~\U4Uud XX 0(E{耰⢉!H;+4pý225\ZS:ٝ'(R~p;>mQI4YZD]ŤX LkQ Gť5 GφS1>̌:k}\WJZPK{iyE0qVv-"fdaDF4@wbC-ŬB+o |렀6RaCxނ9"zeaހWIlJhL[_JO.OVMШ6> ͋yL[toᄻ,OQ ½o~QB<Z܀#h zkGjy-%8r fĀİh{~UM+%e2"0҃F5cuMLŌYRL Ap5ز@n,r"wsԷйdNsl }~rnf@Dh> Lkr4hZM4'iwr£: ߀&\qcca} 2"n=n ~ϯI7AǭN:"c^.2|Y_x1׏':*Cz)#ʂE/S Ymq'&.҄^\T3 fc> 4y @Qʣ",߸X,W̑g^`sXZ>2lz ti>tGM4*6H!I jQ ud*+ZR^? +8rkn,: ⊗q~؀ τkox|A 6 2j=kR@u%hnrGSYq {a\/#n/$h@ހ1Mu0@L{%]M;o^l@ Tma?eDI*MluP U)7O]U%P-HjYx>80xnD}h8pM\&eM=J1z7xInI墦AkR;~O+a#ҵLƈQ@Z: GYdQ.|eR)*`7%ʠK= j ;! ]8`"MMxh=a?uq-49I(jԈ xϰLc V(YōyAhhqNL w/?Cﵪ(1A AE@"jCߵ?$ ?/l8F:~ݕDwɿg}@:mv;_ u_AwqHDмGx6R ~+Kx4Wsj㐔J~xtђ:6?NeF&;fB,&8Hzq'^Y{{l:+m}:#4.dhhqo0uncB|Iw޻y-%{.;Ozd睏, Y# BWǧͦ vpR`QqH17^z0L‴ )䯎wj_qbꥰjNZ _k5W&'7hamFp61w~uXL/PH2'_aHHT dDӿBlb%%hҫoeW!؉|@s`*=SL aʕCrWkb~]4ZU$=ݛ9F`cIŃ O~ؑq eީӊN|u +KׅNo͗!WC1k{R̵jПd 9oa`Jon7rO0>R8_Kҽ᧥}est3V*9$DH!H^ݍd_"2gNIJn/:}L9zd< ,fJfzӼ2iAxl3O7nC\pb_#1o~=ϸ2]a*w}o}VZtCqD &x/.)%eu@OKtG]_Q{O{[#60N Ħwsgcgf7Ƅ??C4ȥN4?tw9wBf#EVާA3C^o"rKw HT&r0BR\l% oT#Qc%l`coMF6#j~62R2#F+@>f: 3CoB /KXwjZ,h5A 7!E:pďh'Gu[}0齛t/X)Ls`T,_X/kR@GH"a}"( 3d:v||Ix@\ .W˅бl|yot;b %4&hJmKff-ԄGV0HtKʞo9DID "a׸#:qljNu+'c񌗷JsĝJe&l9MC6eE} :z eQ7%%^ei-+jA uJrFug{aAhbzyIDe.i<-I]ӘZJ,K1=tt4sٍCO6 D$ILF.?{)i<-ɭ:D7{@/ b!@6M]˕Me x$'d{ ޼| h Xi<-)ܵMOΨx vP 3$~*o^ӈ /-8# O8| Ox1P[icO~ʃo mF:,P!]MpJl CَL$L"`rnM|;R8Z'79Kzy 7W7W7W7W7WqhEm/=.)R?sk,0i[}2); {k~(-/sLүs]ѣU<}Wof wi8Ȭ52 tut"1;갈 ۔t3ݍ*$Jޡ'p䘒K `$r ³rzkMWQ8pe,zK%_{b 4l "I" b{tt$y2RO}]b(Ek5ő&z`?.8h7k{#,iI-I]m钺sJЉ9aMB" HCTYf&|ױ7v}k6m-JxF@l&:agZ:+f~Q0=ja0o@V pgWK h,0Q*u_ɟװ,/ \- w&"?[Nד=rYƵe3`;m-!pok~~i//m~ic^ŗy\ 'ɋ>#b1E+l@.h *}̤>}L-̈fL ͝~Kes:SٿcG^;P`nMƵVxr Lv7| .HCMwķ^ciL/!"K?qTݥe{',Yh6`im۟`n3߻yk1q5Ga)_E7 I?Ytĕ'7ى-x Q)w.oN MvxrǷ5< X++F]{A9-0~;kpX݊{WHjXm{Rw<P^?\ۦ{\D_ntkQ+"h[PVô-ynsWF%5{H JH 4;¾CX^qiW1"k4Gcu\]SS[WZoy[+W3rh!@ ,%9n,"xa /8yu%cn/͛I~p\o+Cvm.95͂E ` tCs95W(5u=b?=G/utIjbiA.c2·Zs1aϑ*B UNz ytNu,P*R!ѤF,6GZj>kik6j=!ɣ`5?nvn&.m']қ-~j%ܬTMt GܬG>SmQNa)'~c,qD\{^1Эq0e_J OZ')3ʭGmt{`*e;ݫsW5Uj*2lgN((%vYm&~C)^>f?g|r|sz9}Z<֛kt b>;2`B88X>$k ; m HXccNH0e+vl"6\%pKp|?Oq-g:粬J0OyXԞ=@_XYrRfw,&Yqۏo[ͳ.0Kk5bd >3K?+,g4@")X53?b)o&, <sYlŚX:˒`hnPobF .o3N {x.?_!Ƙ"j TTbЭB1˪M;InP}sY?e=` '2u/x߽[!VU%r&C*2;mLk$"}L'`߄WœFSz.MF Arj$7p ?>>|6ڄyiDž$YrcMr+7LӦ2K= o m;†,Ie%+փފ> sF@Yj$2G P56:i_srѾU=<y2K`#osdG{E |tH ]TW 3 xt'lQ3.!кbU? |9@G)׼9Ĕ#Xa޾ꢯԔDTw.2OaDP=SbX"fR1Q(px ~3&v+"&(6@א0H`lG7{H 1-LIy kXa/FLN<"X ? {K?,QY G3wأ4ϓ̦wחH-<-%)vqU@y+DL͂zĂG(c~BMFh_ąfF uA"\ dzw?,G͏we~lDM<2k;λ}-AG,G71=TgY4غ9P]Y%lkM‰/WQwqwsѾ\ rSM·_s}mP"eJӋfũ6u&\ «XgrxixɎ(bh,.6ytIt`JT/!jbTձ4MPl+3B=Vk؊km9Gj:ٙE֜fS3qr:X)` zQg Ó&ba>o Hk&5+<r<((('MfFy{H-AQ~'O?Nq\iVF9?t.2ʡ5~g/y|vnta݌w~7 >ෛ.৛.1.g7>@ Dg(Q~gewQ{1?sw1=/=? ː/@q _fsA?}?c}?cA \ S}}Y0 k(*Πkh:k K:ICP%.Np3Kq /ޯ?e4@yJˠ2,c/3\.2Kܿ2~2A\Zu CFWT=k /dmth8VҮaq_l(_zi k{yH2r hxVydb bye?VPw;]CҤ]z.!{%])r-XѧZ}5_9x=U26C{":ǁQU|.y|e8Ntw 1W }^fҖ6? fvd{rMtsn ]vO-v#ycćx&@_uq{Zţ;8ƚ ~3O߆rD'<+?}4;(fi3Q*5ýEYR78k]37}e\ 7㌠6ևɧ {xuCWec=tz}YP}38]7nޣ97pMX:n :#\ԴZjRsG%Wd+8 "2fDdU*.ZX,.g /(@#غM{%}C7<8fȳRLq u+[ %. gjE }by0\9+h `z4}z<8JN)Ib|+3}.Շoϓ. lJ//ӡxiCKQ,V,oTwjc^! 5t0=_SP2-#2O,5U,%w|w `/C׈`b)H#M^F`˫@O8%mF"0~.*BHߊ%դ?ւݍohjb5spݘv͘$*T)m&ĤjG[[wz`L,'h_cErlGu ZCQ8݈83uwZN]k.$|c!5Z.mc6HmTώ{;[;!5mkupyi,x`M[eL~Ʈ$TǓȘ bם|(pIi/ 1S\ ~f~)Lmb[>/I>=7;6{N> !"q0q?K*GWGJL~O:3%Id`-߀9o4 Cc1Δ_>x*8]vu$$}9= zL }ߞsQHK7Cס a4X9VX#e u. MSA۹$}^w:n _{ma?&. (OP"q}$!1qw=Gb$n`sh kk8xZ#|FMPL\,"ϷϒezLT zZO:= n,8^ ϓޒ{־( ;CLc?K2x_,/;vk3)fGNFp)hN<}y?٢ u+ ğ? \cwHV&(:bzUu ѫrcYRFfEBi1Y=_v{[=/'R`v ǯ-ǬvJ^Qt 7tlmb @J[ >73Tt ` GYu`Kr 8ǩk[mx{ w}uky!.,0:7 f˟]~Tqٮ7(G,cӴ+`j7E]YtAˣŬ"&D0Ȯ'%َ' )}ɦbGnԌaBrav L$g8% 3^೐|,/A,TT/D4NB}aEtLR