Importance of Data Wiping
Data wiping is a process through which digitally stored information on a device is made inaccessible. A wipe thoroughly overwrites any existing storage arrays, effectively rendering them illegible and buried.
Digital information storage is coordinated by sequences of binary code. A series of these binary values is allocated to a matrix in a specific arrangement that denotes the nature of its content.
The unique orientation of the sequencing – including its start and end points – are critical to conveying its data when accessed. However, there are numerous methods to recover or transcribe damaged data. For example, deleting a file generally only removes a slice of the start and end sectors.
Data wiping is employed to completely obscure the entirety of the stored sequence. With a proper data wipe – which can require multiple passes – the binary array is edited and re-edited with additional code.
A “pass” involves overwriting a memory element with another character (such as 1 or 0). The more exhaustive a clear, the more passes may be used. The complete process is often referred to as data sanitization.
Why not just toss the memory element (e.g. hard drive) and start fresh with new equipment? There are a number of reasons why data wiping is a preferred route for individuals and businesses:
Destroying hard drives or other storage equipment comes with some opportunity cost. There’s no reason that an adequately sanitized hard drive cannot be traded or exchanged aftermarket. For many hobbyists, small businesses, or entrepreneurial operations, mitigating the cost of computer system upgrades is financially important.
Data wiping enables users to not only re-sell units, but also purchase higher end units that have been retired or refurbished. Careful parts selection can save even small-time operations thousands of dollars in upgrade costs on hard-drives alone.
Many industries have specific guidance on the proper disposal, protection, or erasure of data once a storage device is retired. These ordinances may be upheld at the federal level, or exist merely as part of a company’s quality management system.
For instance, HIPAA understandably requires an explicit degree of data wiping in order to guarantee a safeguard for private medical information.
Depending on the level of rigor specified by a given industry, a 3rd party data sanitization company may be required to oversee, validate, and verify a compliant wipe.
Best practices for the disposition of electronic equipment prioritize efficient parts recycling over waste generation.
A 2020 study at Cambridge University observed that US data centers remove over 22 million hard disk drives from service each year. Many of these drives are destroyed or otherwise processed in a non-sustainable manner. The toll of conservation-averse procedures is palpable: an estimable 5% of the world’s total rare-earth magnet material (outside China) could be attributed to successfully recycling these wasted data storage units.
Modes of Data Wiping
Data wiping can be performed in a variety of ways. The desired modality will depend on the specific application and its associated regulatory framework. For clearing low-impact information, like a home-use hard drive, a single pass overwrite could suffice. Higher order wipes require more sophisticated procedures.
The National Institute of Standards and Technology (NIST) designates four general categories of data sanitization:
- Physical Destruction
- Self explanatory. Physical destruction involves directly and irreparably dismantling a storage device. All data storage components must be thoroughly damaged – not simply inoperable. Crushing, disintegration, shredding, and incineration are commonly used tactics. These methods generate significant electronic waste and require transport to eligible disposal facilities prior to data wiping (a data breach risk vector).
- Clearing refers to the single and multi-pass overwrites noted previously. Clears target all storage locations in a memory unit. Factory resets can sometimes qualify as a clearing procedure. Clearing is less effective at wiping damaged devices, or units that do not have clearly mapped / linear memory elements (e.g. SSDs).
- Purges utilize specialized command programs to execute overwrites, block erasures, and encryption destruction. If a device is not compatible with purge commands, users will need to apply a different data wiping modality.
- Degauss wiping concerns the use of an external electromagnetic (EM) device – a degausser. Data is stored via a magnetic matrix in storage disks. A degausser emits an antagonistic EM field that disrupts the storage field, effectively destroying any contained data. Non-magnetic devices (or devices with a powerful innate magnetic resonance) will require an alternate data wiping method.
Stream Recycling Solutions – Our Services
Identifying the proper method for recycling your business’ data storage equipment is crucial to a compliant, sustainable, and cost-efficient quality management system.
Stream Recycling Solutions specializes in IT asset disposition. We develop strategies compliant to HIPAA, SOX, and ITAR – allowing your operation to breathe a little easier knowing the asset chain-of-custody is secured on an end-to-end basis.
For a consultation or inquiry about our data sanitization and wiping services, reach out to our team by phone or e-mail.