Deleting data in a secure environment involves two main concerns:
- making sure the data has not left the physical place where it is stored, and
- carrying out the erasure in accordance with strict rules to prevent it becoming recoverable.
We cannot say it enough times: the most critical and important data should never leave the environment where it is being managed in a safe and controlled manner. This is especially true when the media files are obsolete and are intended for sale or destruction. The most secure place for this data is that secure environment in which the authorised people maintain total control. For a large company, the most secure place will generally be secure centralised servers etc. Nevertheless, for a small business, the best protection is keeping them together with the best assets of the company. When needing to transport secure data there are also safe-transport solutions, of the sort used to transport currency, available for carrying media files to a secure deletion laboratory.
For obvious reasons, data deletion is not a trivial matter. It is not enough to empty the recycle bin or format the media. What’s more, there are standards pertaining to how the data should be deleted, depending on its destination. Pertinent references include CESG for the UK, GISA for Germany, ANSSI for France, and TUV from Sweden for Europe in general. The United States has the “supreme” DoD 5220-22.M certificate, from the Department of Defense.
Data deletion via software or hardware?
The deletion method used will depend on one thing – is the physical media itself intended to be used once the sensitive data has been deleted. If the physical media is to be reused then a software solution is recommended, as a hardware solution will give the media a new life as a paperweight.
In order to permanently delete the data before either physical destruction or resale, ensuring that no form of applied recovery method will be effective, software specialised in secure data deletion is critical. This is software can perform necessary the steps to rewrite to the entire disk. Of course, this assumes the media is functional to the point of obtaining logical access to data. In the case of defective hard disks destined for deletion, the only effective options are destroying the disk itself or passing it by a very strong magnetic field, i.e. a hardware solution.
Keep in mind that truly professional deletion software must operate in accordance with the legal requirements of data destruction. These standards define the number of write passes on the disk.
As previously mentioned, there basically two ways of physically destroying data – the radical “hammer and drill” method and the use of a very string magnetic field. The first option is the most enjoyable, particularly after a stressful day, however, it can get messy and take a while if you are destroying multiple drives. The second option is a far cleaner and efficient method but requires access to a device that generates a very strong magnetic field, such as a powerful electromagnet or a specialist degausser, such as Ontrack Eraser Degausser.
One final thought
If you are using a software solution and need to be 110% sure that your data has been deleted, most specialist data recovery companies can offer a data destruction certificate to certify that there is no recoverable data present on your storage media.