top of page

Data Sanitization and You.

Updated: Nov 18




Data sanitization is a big deal. Don't take my word for it. An endless list of unfortunate data breaches are in the link below.


So, I'm going to start with the basics for this first Blog post. I'll gradually get more technical until someone emails me to stop!


The first question to ask is probably the most fundamental, Wipe or Shred? In my 25 years in the industry I have alternated between the two and indeed you should offer both alternatives. You will definitely have customers who insist on shred only. We will look at pros and cons of the shredding option first.


PROS


  • Definitely gets rid of all data. Well, not so fast as there are caveats to this. For regular mechanical drives this is pretty much true. However, NIST standards now specify that Solid State drives have a certain maximum particle size. It might already be time to buy a new shredder if you wish to remain in compliance.

  • Easier to manage. Probably true to a certain extent. You are still going to have to manually capture serial numbers and link a given drive to a customer. Somewhere you will need to generate a Certificate of Data Destruction.


CONS


  • Shredding equipment is expensive. my last shredder was over $25K and it was not a large capacity model. Once you get the monster you have to feed it and maintain it and provide power.

  • Value Destruction. A 1TB hard drive which is healthy is still worth $12-14. As mixed metal possibly $0.20? Take a 10 dollar bill and put it through the shredder - that is what you are doing.

  • Destroying a perfectly healthy hard drive is not responsible recycling, especially if an acceptable alternative exists.


You can probably guess which side of the fence I prefer. Having said that, when I was processing hundreds of thousands of drives monthly, both shredding and wiping a truism remained - nothing worthwhile is ever easy, or cheap. That is also not the actual issue either. You are effectively assuming 100% of the potential liability should the data on a drive entrusted to you escapes into the wild. That liability could end your business should it happen; read the articles in the link above. If your customer gets sued for millions that 'expletive deleted' flows downhill pretty quickly.


Before I get onto the software element, I also wish to point out that the data sanitization business is fiddly and repetitive. Fiddly and repetitive leads to mistakes. Has anyone tried to scan the correct serial number barcode of 500 hard drives into a spreadsheet? Just picking the correct barcode out of many every time in itself is a challenge. There are drives still in desktops, laptops, hidden in servers or loose in a box. Each has to be correctly assigned to the correct customer. Many cutomers will want the serial of the host system the hard driive was in. As I said, not easy but also fiddly and repetitive.


Processors chose to shred rather than wipe not because they are able to charge more but because they believe it reduces their potential liability and cost. The other reason is because the client insists everything be shredded. The second reason is valid, the first is not. Let me explain.


It is absolutely incorrect to think that shredding evey hard drive is less 'risky' or lowers costs. With wiping, the software does 95% of the work and the software handles repetitive and fiddly better, faster and cheaper than an employee. All the employee has to do is boot the host machine. Said employee, btw, should be working on higher value add items rather than painstakingly scanning barcodes on a hard drive.


If a unit comes in with the drive still inside, the chances are you will want to test and resell, plus wipe the drive. In an ideal world you would just do a PXEBoot which would do all that for you plus test the host unit. If loose drives, plug them into a container and wipe, say, 96 drives at a time. All to DOD specs. Everything being reported back to a database for certificate generation (and billing). You also have something you can then sell for 50 times the shred value.


If it is a customer mandate that all hard drives be shredded, if it doesn't cost you anything extra why not wipe as well? That is not only a great sales feature it also reduces a potential need to get the latest shredder should the rules change again. You also don't have to manually scan barcodes or capture host serial numbers - the software does all that.


This initial blog just addresses the first big quandry, wipe or shred. The next blog will touch on the various software offerings and there are many, from free to use to expensive and all points in between. Mainly however, the next blog will show a detailed workflow of what I would consider to be the ideal way to use software in your data sanitization process.


Please feel free to call at any time, I'm always available on 602 317 3981 or email me at Graham@Recyclesoft.com.



4 views0 comments

Recent Posts

See All

Comments


bottom of page