Physical destruction of HDD's as a security solution
Traditionally HDD destruction is made either with Degaussing, software based erasure/wiping, or thru external service provider, where the drives are destructed at a facility far away. There are different opinions of the security aspect of each different destruction method, but roughly those can be classified into a data erasure allowing re-use of the drive and physical destruction as shredding the drive. Adding into the equation, the erasure/wiping as a chosen method does have a significant limitation as any damaged/unaccesible drives/stacks cannot be wiped thus inoperable in the first place.
To date the physical destruction has being possible exclusively on large facilities of re-circulation operators where anything up to vehicle sizes are shredded. Large shredders are obviously designed with the speed in mind, so the particle size is not an issue, nor cannot be controlled. And before the HDD reaches the re-circulation facility, it usually travels thru multiple steps, including sales and service organizations, or trash collection - without mentioning the usual logistical steps with terminals and distribution transports - before eventually ending up to final address; this results not only to the transport(transfer) risk but also to time risk in destruction process. Best way to sum up the problematic is notion of a 3rd party and OTR (Over The Road) -risks.
Whether the transport of an intact HDD takes place in a widely popular trash containers - with or without a lock - or even better, as a parcel; the feel good factor for the data owner comes in form of a tracking code, and a firm belief of eventual arrival to the destination... In any case the data carrier has left own hands.
In discussions of data security of outsourced HDD destruction often is referred to extrenal service provider's (and personnell's) certifications AND to the destruction certificate that the external operator delivers; Certificate that states piece/weight based assurance of destruction - sometime, somewhere, and by someone - all paper and retroactive. Additionally any facility certification bases to past auditing, where the circumstances are? still the same and any processes are? followed to the letter ? The most important is in all cases is lost - The Own Control.
When a Hard Drive is destructed right at the customer premises or inside the server hall itself, any and all related risks can be eliminated 100%. And while the HDD's full of sensitive data do never leave the building physically, the MAXXeGUARD -shredder enables an adoptation of a full reporting chain from the arrival of the HDD up to the last moment leading to it's shredding.
The perfect Guide Line to HDD security is: " Do NOT assume, KNOW how Your HDD was destroyed ! "
Q&A: Lessons learned from recent client audit cases:
1. Destruction of hard drive LOCALLY is deemed as an acceptable method,
2. The destruction report MUST be generated automatically by the machine,
Whenever the HDD is - against all odds - being destructed externally thru "someone, somewhere & @some time" -method; and a destruction report is sent afterwards to client, the paper is worthless from the audit standpoint - which also applies in self made destructing, when persons present confirm a report by themselves; ONLY a report, made automatically by the destruction machine, is accepted as proof of destruction at any serious audit ...
While remembering that a single HDD can hold years of research data or a full large personal data registry, the ramifications to personal or corporate fame and economy can be large or devastating, not to mention the potential risks for litigation and administerial penalties.
While delivering shredders mainly to larger organizations we've being asked whether the shredding could be available as a service ?
We did make a decision to answer to this call and developed a new Shredcurity Service -HDD data carrier shredding service. This Data Security Service allows Us to answer needs arising from organizations of different sizes flexibly, especially when the volumes do not back an outright purchase of an own shredder. In Our service, the shredder is delivered right to the office/server center of the client, and after a training the own staff is able to destroy HDD's at a speeds upto hundreds a day - inside the own walls, without any external risk factors present. Naturally the shredding is possible as a full service within the client location per request.
From time to time the handling of the shredded data device is raised up to discussion; Our starting point to the service is always that The client owns the shredded materials, which upon being left to the clients hands, allows them to do what ever they choose, or to deliver it to their chosen end handling - We do not consider it as an "extraordinary" matter, when client chooses to keep/take with them the remainders of the data devices, but that is the base line expectation - We can naturally facilitate the recycling of the remainders, but expectation is that the client wants to take care of the security all the way to the end !.
To tackle the security challenges presented above the way to go is a physical destruction of the hard drive into smallest possible particles, WITHOUT the HDD ever crossing the threshold. And while the internal security areas change between lobby and the server hall, the machine used to perform the shredding must be right size in order to pass thru the doorways and elevators so the shredding can happen at the source. Additionally an acceptable noise level is required to be able to operate the machine in office environment.
The importance of a reporting function cannot be emphasized enough, in order to fulfill sercurity requirements any destruction must be able to be traced back later. This is possible with the automated, user independent reporting tool that automatically creates an archivable report.
MAXXeGUARD is the only mobile HDD shredder, able to be operated in a normal office environment. The shredder enables lifting the security standards in an completely new level while completely eliminating the risk of external access to drives.
The shredding process is a two step procedure, where the drive is first pressed out of form (picture), destroying the straight surface of the disk. On second step the HDD is shredded into selectable size ( 1-70mm ) producing particles where on even larger cut sizes the straight disk surface is lost.
Shredder in numbers:
♦ Sound level in operation < 70 dB;
♦ Operates with normal 2 phase 230V current;
♦ Fits thru all doorways - width 65 cm;
♦ Automatic 15 disk loader;
♦ Controlled, adjustable particle size;
♦ Report of destructed Hard Drives: result, picture and S/N of each HDD;
up prev. next down
customer service : email [at] scanmagnetics [dot] com
information in this document is subject to change without notice
copyright ©2020 scanmagnetics oy • all rights reserved • all trademarks acknowledged