All Shred Full Hard Drive Destruction VS. Value Proposition of Sanitization and Resale
Contrary to asset management companies that practice sanitization for the sake of the value proposition, asset management companies that abide by “all-shred” methods shred every drive that enters their facility. If one hundred drives come in, one hundred drives are destroyed. There are no hard drives anywhere in the facility. This offers easy detection and proper correction of human error. When a drive is found in an all-shred facility, it is immediately shredded. In asset management companies that abide by sanitization methods, there are hard drives throughout the facility that have been sanitized or are waiting to be sanitized. There is no simple way to tell whether or not drives have been properly sanitized without testing each and every drive in the facility. The concept of all-shred eliminates most liability that stems from human error. All-shred data destruction companies also practice a higher level of efficiency. While it takes five or more hours to complete a 3-pass DOD wipe, industrial hard drive shredders can shred upwards of 1,100 hard drives in one hour. Not only is efficiency increased, but risk, as a result of process time, is decreased. Graph B below shows the correlation between the length of time it takes to destroy data and the security level. Graph B According to the chart above, physical destruction requires the least amount of time and provides the highest level of security.
Physical destruction provides a secure and absolute method of data destruction that sanitization does not. With physical destruction, data recovery is impossible, human error is minimal, and efficiency of resources is maximized. So why then do IT asset management companies continue to practice methods of hard drive sanitization? Too many executives mistakenly forfeit security for a nominal rebate. Because most asset management vendors seek to provide corporations what they entail, they cater to the rebate. The reality is that while companies may be comfortable receiving rebates, the average net cost of switching to physical destruction is approximately $3.00 per system. This small price can eliminate the catastrophic financial consequences that eight of the ten top Dow performing companies have endured in the last five years. Data breaches are not uncommon and no company is immune. It is the decisions and processes determined by company executives that protects corporations from a financial loss of this caliber. Only when corporate decision makers demand the highest level of security from their asset management vendors will asset management vendors provide them with the processes needed to protect their company and client information. The financial and moral consequences of a data breach are far too damaging for executives to view their company’s hard drives as anything other than a dangerous liability.
Risks of Sanitization
Effectiveness and efficiency aside, when a company decides to employ a vendor that practices a data destruction method of sanitization, they take on a heightened level of human risk. Given that broken or damaged hard disks cannot be overwritten, asset management companies must physically destroy malfunctioning disks. This involves human testing and recognition to determine if each drive is able to be overwritten and human follow-through to be sure the drive is physically destroyed. The security is left in the hands of human vigilance. To be compliant with DOD standards, no fewer than 20 percent of overwritten drives must have attempted data recovery by a qualified technician.12 Many asset management vendors could pass the 20 percent test-but if they were to have every hard drive examined many would fail. If only one hard drive were to be the victim of human error, they would fail. One bad call or mistake could be catastrophic for corporations. If one drive is misplaced or not properly sanitized and it falls into the wrong hands, the corporation could face millions in lawsuits. Overwriting hard drives files also requires that the systems are powered on by an employee to begin the process. Access to the data is readily available to the employee. Data loss as a result of human mistake or theft is an unnecessary risk that many corporations are willing to encounter. The process of eliminating data though sanitization methods comes with inherited risks that are unavoidable. The only way to completely eradicate risks of data recovery, resource inefficiency, and human error is to look towards a more permanent, absolute method of data destruction.