Summary: This article discusses the three most prevalent techniques of data destruction, namely Overwriting, Degaussing, and Shredding. Read this article to view the comparative analysis of these techniques based on their advantages and disadvantages, including their mechanism, convenience, scalability, and environmental impact.
There are several different techniques of data destruction. An organization needs to choose a suitable technique based on factors like storage media type, internal policy mandates, audit and compliance requirements, logistic and financial constraints, technical expertise, etc. This section outlines the three most prevalent data destruction techniques, namely:
1. Overwriting (aka Data Erasure)
The Overwriting technique is based on replacing the target data stored on all user-addressable memory locations with non-sensitive data or binary patterns. Commercially, overwriting is also known as data erasure, which is implemented using specialized software tools. The data erasure software overwrites the addressable storage locations on the media using specific binary patterns and passes based on global data erasure standards such as NIST 800-88, DoD 5220.22-M, etc.
Advantages of Overwriting / Secure Data Erasure:
- Makes Device Reusable: Erased storage media can be reused & asset's residual value can be monetized.
- Fast & Scalable: Software-enabled overwriting can erase a large number of devices together at a high speed
- Convenience: GUI-based tools can offer a hassle-free experience
- Universal Media Wiping: As per the NIST Guideline, the Overwriting technique can sanitize floppies, magnetic disks, and hard drives, including HDDs and SSDs, etc. Data erasure tools can erase loose or detachable storage drives and integrated storage inside devices like smartphones.
- Compliant: professional data erasure software has a native provision for generating certificates for audit trails (reports) to support compliance needs.
- No E-waste: Generates no e-waste in comparison to shredding or degaussing techniques.
Disadvantages of Overwriting:
- Does not work on damaged or un-rewriteable media such as optical disk
2. Degaussing
The Degaussing technique is based on the demagnetizing principle, wherein a degausser is used to neutralize the magnetic field of magnetic storage devices such as hard disk drives, thereby destroying the data stored on the media. Degaussing is a traditional technique compared to Overwriting or data erasure and, therefore not optimal for destroying the data stored on emerging magnetic media that have stronger magnetic fields or complex make & designs such as hybrid drives.
As per the NIST SP 800-88 Guideline, "Existing degaussers may not have sufficient force to degauss evolving magnetic storage media and should never be used for flash memory-based storage devices or magnetic storage devices that contain non-volatile non-magnetic storage."
Advantages of Degaussing:
- Works on non-functional hard disk drives
- Destroys the data stored on magnetic storage devices such as hard disk drives, digital magnetic tapes, floppy disks, etc.
Disadvantages of Degaussing:
- Does not work on flash memory-based storage devices
- Renders the device unusable, nullifying the hardware utility or residual value
- Unlike erasure software that can initialize data wiping remotely via the cloud, the degausser needs to be physically present at the facility to sanitize the HDDs, which can pose a challenge if data destruction is needed across multiple locations.
- Factors like high acquisition costs and the need to procure multiple degaussers for different locations result in a higher total cost of ownership
- Unlike modern erasure software that can erase several thousand drives and devices together, a degausser can degauss only a limited number of "loose drives" at once.
- Maintaining a long-term and consistent repository of the audit trails might be a challenge due to offline or local operations and largely manual efforts.
- Results in e-waste that are harmful to the environment.
3. Shredding
Shredding is a physical destruction technique that disintegrates the storage media such as hard disk drives, solid-state drives, USB flash drives, optical drives, smartphones, etc. It breaks down (shreds) the storage media like the drive platter along with the electronic and mechanical components into minute pieces, in dimensions as small as 2 mm. The data stored in the media is destroyed as a result of physical disintegration. Shredding and other physical destruction methods are not always feasible 'On-Site', i.e., on the company premises due to logistic and financial constraints. The need to ship out the storage media to an off-site shredding facility in such situations may pose a threat of data leakage due to a potential lapse in the chain of custody while the media is in transit. Also, the storage drives inventoried in a warehouse for eventual shredding are at constant risk of theft and data leakage to the point they are shredded. These plausible data-leakage threat scenarios with Shredding emerge due to a great extent of human contact and transferals in the chain of custody.
Further, Shredding destroys the storage hardware and generates toxic e-waste.
Advantages of Shredding:
- Can guarantee data destruction if done properly
- Destroys the data & device permanently if executed properly
Disadvantages of Shredding:
- Inherent 'chain of custody' risks of data leakage
- This may leave chances of forensic data recovery from an inadequately shredded media, like a chunk of the drive platter
- Logistics challenges to materialize shredding in smaller premises
- Results in toxic e-waste
Overwriting vs. Degaussing vs. Shredding: Quick Comparison
The following is a quick comparison of the overwriting (i.e., data erasure or wiping), degaussing, and shredding techniques for data destruction.
|
Comparison Parameter
|
Overwriting
|
Degaussing
|
Shredding
|
|
Process
|
It is performed using data erasure software.
|
A degausser unit is used, which can be a coil degausser, capacitive degausser, or permanent magnet degausser.
|
A shredder is used.
|
|
Mechanism
|
Overwrites the addressable memory locations on the storage media.
|
Demagnetizes the magnetic storage media.
|
Disintegrates the storage device.
|
|
Devices Supported
|
- Hard disk drives
- Solid-state drives
- USB flash storage
- Smartphones
- Tapes
|
- Hard disk drives
- Magnetic tapes
- Floppy disks
|
- Hard disk drives
- Solid-state drives
- USB flash drive
- Magnetic tapes
- Optical drive
- Smartphones
- Integrated memory (Point-of-sale device, motherboard, etc.)
|
|
Scalability
|
It is highly scalable. The software can erase thousands of drives and devices simultaneously.
|
It offers limited scalability. A limited number of drives can be degaussed.
|
The company can hire a vendor on contract for limited or bulk shredding needs; however, the turnaround time would be higher, considering the transit and process durations.
|
|
Efficacy
|
High: Secure & professional data erasure tool implements the overwriting technique with multiple passes and verification as per International standards like NIST 800-88 to ensure failsafe data destruction.
|
Low: Successful degaussing requires a strong enough magnetic field to neutralize the magnetic media's polarity, which could pose a challenge to degauss the emerging magnetic storage.
|
High: Devices, once appropriately shredded in the required dimensions, can guarantee to safeguard against the risks of data retrieval though may not be environment friendly.
|
|
Ease-of-use and Convenience
|
Data erasure software with GUI offers an easy way to erase the drives without requiring special preparations like dismantling or removing the drive from the host machine.
|
Technical expertise is required to manually operate a degausser unit available only with service providers.
|
Shredding is a specialized capability available only with IT asset destruction service providers.
|
|
Reuse / Resale Value
|
Overwriting or erasure retains the residual value of the storage hardware to allow further usage or monetization.
|
Renders the device unusable, so no residual value.
|
Destroys the device completely so no reuse is possible.
|
|
Environmental Impact
|
No Impact: Does not generate any e-waste.
|
Generates e-waste and is hazardous to the environment.
|
Generates e-waste and is hazardous to the environment.
|
Further Reading: Data Erasure vs. Degaussing
+1-844-775-0101
