Why it is critical to eliminate electronic data?

Nearly all pieces of electronic data storage devices contain some data that is either of a sensitive nature (individuals' social security numbers, banking data, credit card information, medical information) or confidential in nature (government defense information, etc.).  This data must be protected during its entire lifecycle, including disposal at the end of its lifecycle.  State agencies must ensure that any information contained on any storage devices in their control is made impossible to retrieve prior to disposing of the storage device in questions.

Devices that can contain sensitive or confidential information include:

• Hard drives from computers
• Hard drives from storage arrays or cabinets (servers)
• SB sticks used to transport data
• Floppy disks used to transport data
• Storage data tapes

Note: "Deleting" information from a storage device does not eliminate the deleted data.  It is still accessible.  Reformatting a hard drive also does not remove the data from the drive.  An acceptable method of data elimination must be used.

What are acceptable methods for eliminating electronic data?

There are three main methods used for eliminating electronic data.  These include physical destruction, degaussing and overwriting.  Each has advantages and disadvantages.

Physical Destruction - involves destroying the electronic data storage device.  This can range from deforming the device so that it can no longer be used or disintegrating the device into very small pieces.

Advantage:  Process is quick, taking only a matter of seconds
Disadvantage: Device is no longer usable

Degaussing - involves exposing the data storage device to a very high magnetic field.  This alters both the magnetic and physical properties of the device, making it impossible to retrieve any data contained.

Advantage: Process is quick, taking minutes to degauss a typical storage device
Disadvantage: Device is no longer usable

Overwriting - is a process in which the data on a storage device is overwritten bit for bit with useless information (typically "1" characters or "0" characters).  This makes retrieval of the original data stored on the storage device impossible as it no longer exists.

Advantage: Device can be reused, as it is not destroyed in the process
Disadvantage: Process is more time intensive than other options

Are electronic data elimination tools available for use?

The DIR Network Security Operations Center (NSOC) located in Austin has several tools available for state agency use.  Depending on the needs of the user, these tools are capable of: 

• Overwriting hard drives (SATA, Wide-SCSI, IDE)
• Overwriting hard drives still contained inside servers, laptops or desktops
• Degaussing hard drives, tape drives, floppy disks
• Physical destruction of hard drives via disk perforation

Each of the six disk wiping arrays are configured for a specific interface (IDE, Wide-SATA or SCSI) and can accommodate up to eight 3.5" drives.  In addition, a network enabled appliance is available to securely wipe media "in place" over a network switch without the need to remove the media from the system. 

To schedule a date and time to utilize the tools, please contact DIR Security.