this page (which began
June
16, 2005 and was last updated in October 2018) includes articles and info
about:- disk erase hardware, erase software, mechanical disk shredding and
tape media degaussers |
Do You
Really Need Disk Sanitizers?............... |
by Zsolt Kerekes,
editor - StorageSearch.com
- March 2008
First it was
SCSI, then a few years
later RAID, then after
that came SAN, quickly
followed by NAS and
iSCSI. Well at least the "SCSI"
part seemed like an old familiar.
It's a shame that all the stuff you
learned about the different types of (what we must now call) "parallel
SCSI" - LV something
or other - no longer adds to a high score in a CV.
Somewhere in
the dim distant mists of
storage memory
(though not necessarily in this order) came
SATA, then another
comeback for SCSI
again, D2d, VTL and the
list seems endless.
Now it's ...SSDs,
MLC, SLC...
and Disk Sanitizers?
Isn't the storage market complicated
enough already?
Do you really need to start worrying about something
else you've hardly ever heard of?
Before you answer that - here's a
much simpler question.
What do you do with your old credit card when
the new one arrives? Do you drop it on the street? I don't think so? How about
advertising it on eBay? - One old credit card - expiry date nearly over - no
longer needed by current owner - going cheap.
How about that new copy
of your customer list that the marketing people have been promising you for the
last 6 months? When it finally arrives so you can use it at the
trade show you're
exhibiting at - do you just throw the old one in the trash?
ILM
(Information Life cycle Management) became a fashionable term in storage
circles about 5 years ago. Like most marketing buzz words - the ILM hype was
focused on whatever the vendors were selling at the time. ILM
ISVs were mainly
selling themselves to
bigger storage companies... with a company lifecycle which didn't include much
more time than writing a few press releases about the ver 1.0 release before
the money from the VC in
the wall machines was spent.
But beneath the surface glitter of
acronyms there are some useful concepts in the ILM which are still relevant
today.
What happens to your data when the storage media they are
stored on gets too old?
The afterlife for things like disk drives
and RAID systems is not something that most of us think about much. It's not the
glamorous end of the storage market.
In the home market maybe your
old PCs are stored in the garage. It's a myth that you can give them to the
kids. In my experience - the kids always demand and get the newest fastest PCs
- much more powerful than the ones that we use at work. Most of your old PCs
were probably still working you stopped using them. Maybe that means your old
email accounts and bookmarks work too. How long would it take someone to try
requesting the main online banks that your password details should be emailed
to your old machine? Even if your old PC stopped working and you threw it out -
the disk drives can be recycled by
environmentally
friendly agencies who do deals with your garbage collection company.
In
the corporate and government markets - recycling is done wholesale. When new PCs
are bought the old ones are traded in or disposed to brokers hundreds or
thousands of machines at a time. Someone else is taking care of the problem for
you. Or are they?
There's a lot of evidence from security companies
like
Pointsec that a
worryngly high percentage of second hand / refurbished hard disk drives bought
on the open market still have readable data.
Yes they were "wiped"
clean by commercially available utilities.
Yes the disks were
reformated.
But both processes are undoable in a matter of seconds.
Many disk wipe utilities are simply that - useful utilities that make it hard
for you to see the data on your disk drive. But unless they follow algorithms
used by the military, the files they cover up can be easily read by data
recovery software.
There are 3 common types of product and service
which address the Disk Sanitizer market.
- software - useful for using on one machine or a low
number of machines.
- hardware - which wipes a batch of disks clean at
hardware speeds - and is useful if you're recycling hundreds of drives.
- services - which mechanically break the disks into
fragments which are considered too small for criminals to do anything with.
(Although a good data recovery company or your intelligence agency cmay still be
able to read files off a 1 inch fragment off a broken disk drive).
The best approach for you to take with
maintaining your own data privacy depends on your own situation. But just as you
wouldn't throw your old credit card onto the street - think about what's
happening to those old disk drives next time you buy a new PC, server or RAID
system. And make sure that your broker - if you use one - is using a product
which actually works. |
. |
|
. |
Pointsec found that
they were able to read 7 out of 10 hard-drives bought over the Internet
at auctions such as eBay, for less than the cost of a McDonald's meal, all of
which had "supposedly" been "wiped-clean" or "re-formatted". |
. |
When Disk Sanitizing Won't
Do the Job
Editor:- July 13, 2005 - Just thought I should mention
on this page that there's one situation in which disk sanitizers won't
protect your valuable identity or other confidential info no matter how
smart the software.
This warning thought was triggered by my own
recent experience in which a hard disk I was using for backup failed in the
write mode - but its contents (the old backups) were still readable. In that
case the only way to ensure that no one else can steal your data is physical
destruction.
I was helped out in this by Sam, the 11 year old son of
some college friends who were visiting. We took the disk drive out to the back
of the barn and Sam sanitized it using a combination of sledge hammer and log
splitter. The disk platter, bent split and shiny but no longer readable, was
saved as something he was going to save on his wall as a momento of the
experience.
We sanitized a 486 PC tower after that - which is one of
about a dozen old PCs we have been wondering what to do with and storing in a
shed. That had two disk drives - so Sam's younger brother (6) was able to get in
on the act and sanitize one for himself too.
You can never be too young
to learn the importance of data security - or how to wield a large ax safely
for chopping firewood. These are important things to know. But readers should
not try this themselves without the supervision of an experienced log slayer. |
. |
Did You Know?
Disk
Sanitizers are entirely different to Telephone Sanitisers. If you were looking
for the story of the Golgafrinchan Telephone Sanitisers in the Hitchiker's
Guide to the Galaxy see the
BBC's
Hitchiker's cult page. |
. |
|
. |
fast erase / purge MIL SSDs |
The need for fast and
secure data erase - in which vital parts of a flash SSD or its data are
destroyed in seconds - has always been a requirement in military projects.
Although
many industrial SSD
vendors offer products with extended "rugged" operating
environment capabilities - and even notebooks SSDs come with encryption -
it's the availability of fast destructive data purge which differentiates "truly
secure" SSDs which can be deployed in sensitive applications.
Who
makes these SSDs? How do they work? And what are the characteristics and
limitations of the various methods used? Click on the link above to find out
more in my special article / directory about
fast purge SSDs. | | | |
|
Is
it true that the Queen's apartments are dusted clean by those bushy hats?
Megabyte was sworn to secrecy. | |
|
. |
dust to dust and SSD data sanitization
Editor:-
September 25, 2018 - A reader - Simon Zola
- Manager, AVTEL Data
Destruction emailed me after seeing my blog -
looking
back at my 19 years of writing about the data recovery market - which I
concluded with this..
Is there an opposite concept to data recovery?
Yes.
The flip side to data recovery is fast purge SSDs and
disk sanitizers.
Simon said - "I have only just come across you
and your site and I would love to hear your opinion on meaningful data
sanitisation of SSD."
I
thought to myself how many years is it since I set up a dedicated
SSD fast erase / purge
page? - I checked. It started in 2009. (This is one of the joys and
frustrations of the web. Frustration - that you can't find stuff which has
been around for a long time - because it gets drowned by social chit chat. Joy -
in knowing that there must be a lot more readers out there who also care about
the same problems.)
Anyway - what I said to Simon was - "There is
a double digit list of standards by defence and government agencies which cover
various use cases and whether the drive is desired to be redeployed for another
project or not. The purpose of extreme autonomous SSD purge is to destroy enough
critical chips in the encrypted SSD so that if it falls into the wrong hands
(captured by enemy) then the SSD data will remain immune to the best
efforts of forensic data
recovery. Thats just one reason why DR and security agencies intersect and
are mutually aware. But as DR gets better then sanitisation has to advance too
(best way being destruction of the chips)."
Anyway Simon - whose
company does Onsite Physical Destruction of HDDs and SSDs in Australia pointed
me towards an interesting
video - re Mobile Data
Destruction which shows the type of thing his company does. It's on
youtube which means that many of you won't be able to see it right now if
you're viewing this at work.
So I'll describe what happens...
The video shows a van which arrives at your site and delivers via a conveyor
belt all the drives you want shredded - presumably while one of your security
people watches it happening. (You'd have to verify the exact design and chutes
etc yourself obviously to satisfy yourself there are no magical trap doors - or
maybe you could just rent the facility. It depends on your own circumstances.)
That prompted me to realize that it had been about 2005 when I had
last written much about the
disk sanitization
services and equipment business (as opposed to autonomous drive purge)
because in a way - once you know what needs to be done - what more can you say
about it? But maybe that page could do with a refresh - which is why I'm writing
this.
We are much more sensitive and vigilant about environmental
impacts nowadays (2018) compared to the start of my own career (1977) when
many of the industries which paid the wages of our local communities and
where our friends and neighbors and customers worked were inevitably sometimes
spilling stuff into the sky, ground and water.
So I said - Hi
Simon - I forgot to ask this... how is the shredded material from the sanitized
drives processed? I mean the cost from an environmental hazard point of view?
Simon said - 0 to land fill. (And then he gave me a list of who
reprocesses what afterwards - which you can find out more about on his web
site.)
Editor's comments:- I'm guessing that wherever you live you
might be interested in the possibilities opened up a mobile service like this.
My own modest needs in this category have always been simply
managed by the expedient of a log splitter or ax - but I'm only smashing one
drive each season or less. Some of the kids of family friends have made
artworks out of the little chunks of smashed up drives and mangled chips.
Small
dustry grains are less artistic but better from the security angle.
Fusion-io can do secure erase in less than 60 seconds
Editor:-
September 15, 2011 - Fusion-io
today
announced
that its new SureErase data
sanitization tool has been confirmed as meeting Department of Defense
sanitization standards by the Defense Information Systems Agency.
SureErase
enables users to securely remove/erase all data on any ioMemory-based
technology, following DoD/NIST standards, regardless of capacity, in less than 1
minute.
Editor's comments:- although that sounds like a long
time - relative to fast
purge SSDs (and it is too long for some applications) nevertheless when you
take into account that many of Fusion-io's PCIe SSDs have multi-terabyte
capacities - it's impressive.
Did encrypted HDDs choke the sanitizer market?
Editor:-
Self-Encrypting
HDDs for Servers (pdf) - is a white paper by
Seagate which makes
good reading for those interested in server disk security.
It's easy
to be wise after the event - but I see now that the rapid industry take up of
FDE (full disk encryption) may have been a factor in capping the size of the
disk sanitizers
market. I thought that market would be a lot bigger by now. |
|
A Hard to Duplicate Offer on Hard Disk
Duplicators
Chatsworth,
CA - February 3, 2009 -
Aleratec Inc. launches the 1:5 HDD Cruiser - a 5 way hard disk drive
duplicator and 6 way sanitizer for SATA drives combined in a single unit (ERP
$1049).
The base unit is designed for 3.5" drives, but an optional
$105 kit converts it over to 2.5" operation. Duplication speed is
approximately 40MB/s. As an introductory promotion Aleratec is offering a free
3 way PATA disk duplicator to customers who buy the 5 way model this month. ...Aleratec profile,
Disk Duplicators,
Disk Sanitizers
Sun Enters the Disk Sanitizer Market
Santa
Clara, Calif - November 25, 2008 - Sun Microsystems, Inc. today
entered the Disk Sanitizer market.
Sun Data Protection
Services, Data Erasure, is a new on-site service to help enable customers to
remain compliant with internal corporate data erasure policies during the
removal, redeployment or relocation of equipment containing sensitive data. The
service also empowers customers' to become compliant with the ever increasing
policies of regulatory agencies for the removal or destruction of data, by
providing a global, audit-ready solution that erases data at the platter level.
Sun has been using the same data erasure service internally to prepare company
assets for reassignment and redeployment.
Drew Hughes, technical
program manager at Sun Microsystems said - "When we work with a government
client to transfer equipment from one resource to another, we use the Data
Protection Services Erasure to ensure that our services team has no data
compromise."
Industry research (from
IDC) indicates that most
midsize to large corporations replace about 25% to 33% of
their IT equipment on an annual basis. Each event in the equipment life cycle
can expose sensitive corporate or customer data to possible breach or
compromise. ...Sun
Microsystems profile, Storage
Services , Disk
Sanitizers
Royal Bank of Scotland's Customer List Sold on eBay
Editor:- August 26, 2008 - the
leading story today on the UK's BBC broadcast news was that 1
million bank customer records had been found on a disk bought for $70 on
eBay.
This is the 2nd major data security story to hit the
headlines in less than a week. The earlier case involved the loss of UK police
records containing data for
thousands of
criminals.
The prisoner records are still missing, but the bank
customers in today's story can breathe a sigh of relief that the purchaser of
the unsanitized disk was an honest citizen.
Aleratec's Disk Sanitizer gets Military Citation
Chatsworth, CA - March
3, 2008 - Military Embedded Systems magazine has commended Aleratec Inc.
for its new stand alone HDD Cruiser - a hard disk drive sanitizer and
duplicator all in one unit.
The
HDD Cruiser will
simultaneously sanitize
up to 4 hard drives to
assure that all confidential data is unreadable. It can also
duplicate up to 3 HDDs
simultaneously.
"We are very proud to be recognized for our developments by
Military Embedded Systems Magazine"
said Perry Solomon, President and CEO of Aleratec. "...We made the HDD
Cruiser the complete tool, it can also make exact duplicate copies of hard
drives to expedite setting up new PCs or recycling old drives with new site
licensed operating systems and standard applications which is particularly
useful when drives have already been used and need to be set up for a new
project." ...Aleratec
profile
WiebeTech's Low Cost Disk eRazer
WICHITA , KS -
November 12, 2007 - WiebeTech today unveiled its Drive eRazer family
for IDE/PATA and SATA hard drives.
The standard model (price
$99.95) can erase a 250GB drive in under 2 hours. Operation is easy. Simply
connect it to a drive and flip a switch.
"As many people discover too late, trashing a file does not
erase it from a hard drive,"
said James Wiebe, president/CEO of WiebeTech. "It is fairly easy for
someone else to recover files from used hard drives. As a
test, we bought used drives on eBay and recovered everything from corporate data
to email conversations to financial data to legal documents. Drive eRazer is the
easiest, most economical solution available to prevent others from seeing your
files." ...WiebeTech
profile,
Disk Sanitizers
This Email will Self Destruct in 72 Hours
CHICAGO, IL - October 16,
2007 - Ocean Tomo Auctions, LLC today announced it will sell several
lots of patents relating to data storage at its Live Intellectual Property
Auction on October 25th at The Palmer House Hilton in Chicago.
One patent addresses a self-destructing document or email messaging
system that automatically destroys documents after a predetermined period of
time.
Another Lot in the Data Storage category, which includes a
substantial portfolio of U.S. patents, generally relates to data storage
devices, disk drives, and other aspects of storing digital information by
magnetic and optical data storage technologies.
SafeErase 3 for Windows Vista
Berlin - May 15,
2007 -
O&O Software GmbH today releases SafeErase 3 for Windows Vista.
With 5 different deletion methods complying with recognized international
standards, the user can create individual configurations, adapted to each
scenario. The deletion methods differ from each other in the number and the way
data is actually overwritten. As well as the standard deletion procedures of US
DoD and German BSI, users can also select the
Gutmann Method, which
meets the highest possible security criteria and overwrites data up to 35 times
The full version costs EUR 29.90.
...O&O Software
profile,
Storage Software,
Disk Sanitizers
Hard Drive Cleanser Wipes Vista
Burlington,
MA - March 14, 2007 - Acronis, Inc. announced that its Drive Cleanser
6.0 (typical list price $49.99) now supports Microsoft Vista.
"Acronis
Drive Cleanser has been honored on multiple occasions as the best disk wiping
application on the market," said Walter Scott, CEO of Acronis. "The
addition of Vista support means that now users of virtually all versions of the
desktop Windows OS can, with complete confidence, delete the data from any
partition or the entire hard disk and know the data will never, ever be
resurrected for purposes such as industrial espionage or identity theft. The
product is used by corporate customers and consumers to wipe an old hard disk
before it is disposed of or repurposed as additional storage."
...Acronis profile,
Disk Sanitizers
Blancco Offers Nonprofit ORGs Free Disk
Wipes
JOENSUU,
FINLAND - October 30, 2006- Blancco announced today that they will make
available donations of their data erasure software to eligible nonprofit
organizations via the nonprofit technology website TechSoup.
Each nonprofit organization with 501c3 designation will be entitled to 500
Blancco licenses. Like commercial enterprises, nonprofits face a critical
challenge when they want to recycle, resell, or reuse obsolete computers: the
data remaining on the hard
drives need to be professionally wiped in order to maximize data security
and prevent data leaks or identity theft. The software is operated from a
central server, so users do not need to install the software on each computer
prior to data wiping. It is designed not only for PCs and laptops but also for
servers with several hard drives.
...Blancco profile,
Disk Sanitizers
Thumbs Up for Mainframe Disk Sanitizer
from Down Under
Little
Falls, NJ - September 5, 2006 - Innovation Data Processing, today
announced that its FDRERASE for the IBM z/OS environment has earned a
place on the Australian Defense Signals Directorate Approved Products List as a
Media Sanitisation product with a conformance claim of EAL2+.
"You
expect Defense and National Security agencies to have strict rules," said
Thomas J. Meehan, Innovation's Vice President of Advance Technology. "FDRERASE
today, is the only DSD certified solution available for securely erasing disks
in z/OS environments. ...because of this FDRERASE is especially popular with
banks, card payment service providers, educational institutions, financial
intuitions, government agencies, hospitals and insurance companies all of which
have legislated Personal Identity Information Protection obligations, to
securely erase data when leaving a DR site or disposing of disk storage systems."
...Innovation Data
Processing profile , Storage
Security, Disk
Sanitizers
Fujitsu Launches Tape / Disk Degausser
Sunnyvale, CA -
May 30, 2006 - Fujitsu Computer Products of America, Inc. today
announced the Mag EraSURE Professional Value desktop degausser.
The
product is an effective, economical solution for industries that require fast
and secure removal of magnetically recorded data from
hard disk drives,
removable disks and
backup tapes. The
Fujitsu Mag EraSURE family of products utilizes a rare earth permanent magnet to
degauss magnetically recorded information. Data becomes permanently
unrecoverable by commercial means once exposed to the powerful magnet in the
device. In addition to purging recorded information on the storage device,
including servo and calibration data, the degausser also destroys most
read/write heads.
A key feature of the Fujitsu Mag EraSURE is its
user friendly operation. Users simply insert the drive into the degausser and
push the button; the device handles the rest. It can operate 24x7 with no-wait
duty cycle and accepts a wide variety of media:- hard disk drives - up to 3.5"
and 1.6" height and floppy, Zip, Rev and Jazz media. Also backup tapes:-
SDLT, DLT, LTO/LTO2, DAT, TRAVAN, AIT, QIC, 8mm. The Mag EraSURE P2V is priced
at $13,500.
...Fujitsu profile,
Disk Sanitizers | |
. |
|
| |
|