On the Loose

Secure information destruction companies and IT asset disposition firms can secure sensitive data with flexible hardware-software erasure platforms.

At some point, most organizations will have to deal with the dilemma of a loose drive—a hard disk outside of its original enclosure—whether it is from a printer, server, PC or other electronic device. As innocuous as they may seem, loose disks can contain sensitive customer or business information that, if in the wrong hands, can jeopardize privacy, threaten corporate reputation and result in fines under a number of data security regulations. According to studies reported at the Eighth Australian Digital Forensics Conference in 2010 and in Computerworld in 2009, approximately 40 percent of hard drives that reach the secondhand market hold sensitive data.

In light of the serious potential for data breach, companies must ensure loose drives are securely erased before their disposal, reuse or resale. With the severe flooding in late 2011 that affected Thailand, which produces 40 to 45 percent of the world's hard drives, the market shortage for hard drives could reach 28 percent through mid-2012, industry research firms IHS iSuppli and IDC predict, raising drive and equipment prices. This shortage presents resale opportunities in the secondary market for recyclers who process loose drives but also presents a security dilemma unless these drives are fully erased before they are resold.

Once a drive is removed from the original device, its erasure usually requires a combined hardware and software solution, meaning another device will need to be used. Businesses may explore their own options for erasing loose drives, but many, especially those with higher drive volumes, turn to third-party electronics recyclers that perform information technology asset disposal (ITAD) functions and have the specialized hardware and software to handle the task. In addition to asset disposition and data erasure programs, this type of recycler offers logistics management, processing, refurbishing, remarketing and redeployment services for loose drives.

There are a number of solutions for erasing loose drives, with each having pros and cons. Some ITADs and recyclers may choose to create their own erasure solutions, while others may implement a purpose-built commercial one.

When considering the right erasure solution for their needs, organizations should account for the number of drives they must erase, initial and ongoing costs for the erasure technology, power usage, footprint requirements and other factors. Whatever hardware option is chosen, recyclers and others contemplating the processing of loose drives may want to consider using certified data erasure software for complete, auditable data security.
 

Sources of Loose Drives
An accumulation of loose drives can occur over time, as when a business stores hard disks for years, assuming they are securing information even as the drive volume builds. These drives should have already been securely erased in their host enclosure with data erasure software, as opposed to using "Delete File" or "Format Drive" commands, which leave data intact, or data wiping freeware, which may leave areas of data accessible.

If the drives were not securely erased, they pose a data security threat from a variety of sources, including employees, cleaning crews and inadvertent disposal. Even if they have been erased with data erasure software that includes an auditable report, IT asset management best practices—and many regulations—dictate a second erasure at the recycling facility to prove chain of custody.

Loose drives also may accumulate as part of a larger collection strategy. For example, many major original equipment manufacturers (OEMs) practice reverse logistics in an effort to capture residual equipment value, ensure proper disposal and meet increasing demand and regulations for sustainability. These efforts often result in electronics take-back programs that can generate high volumes of loose drives, leading many OEMs to outsource their refurbishment or disposal, including drive erasure, to a third party.

By nature, some businesses generate large numbers of loose drives because of their primary equipment, such as cable company recording devices with host enclosures incapable of erasing drives before reuse. Likewise, businesses that produce or are reliant on multifunctional printers, with drives that can retain sensitive information, need a means of secure erasure before reuse or disposal.

Another source of loose drives stems from the way some recyclers process electronic equipment. For example, the process pulls a hard drive from each incoming computer and immediately replaces it with an erased and refurbished drive, thereby generating another loose drive for erasure and requiring a steady supply of refurbished drives on hand.
 

Devising a Hardware Platform
Instead of purchasing a commercial hardware appliance that runs data erasure software, some recyclers and ITADs may opt to use the hardware at hand, either standalone computers or a self-made appliance. Each of these do-it-yourself (DIY) options has pros and cons, and each entails licensing and maintenance costs for data erasure software.

Series of computers. If capital outlay is an issue, one hardware option is to run data erasure from an assortment of desktop computers. For a low initial investment, recyclers can line up tens or even hundreds of desktops, with cases open, connecting each via a flat ribbon or SATA (Serial ATA) cable to one or two drives for erasure.

Although this option requires a low upfront investment, it entails a large facility footprint, high power usage and more manual labor, making it more feasible for processing lower numbers of drives. Also, with each desktop requiring a keyboard, mouse and monitor, it may not create a convincing environment for ISO or other regulatory audits, and the high power consumption can be a drawback for sustainability-minded customers.

Self-made appliance. If higher volumes of drives must be processed and budget is an issue, some recyclers choose to reduce footprint and power consumption by building an appliance from scrap materials to run data erasure software. This may entail using cabinets built from scrap servers, with cardboard or other materials separating drives for cooling. While this approach makes for more efficient operations with less manual intervention, the result may not create a credible environment in the case of an audit, and equipment reliability may be an issue.
 

Using Commercial Solutions
Recyclers and ITADs that must erase high volumes of loose drives often find that a commercial erasure appliance with integrated data erasure software or disk duplication hardware adapted for firmware erasure is the overall best option. These options offer a small footprint, lower power requirements, reduced manual intervention and a professional appearance, but costs and flexibility must be considered.

Disk duplication hardware. Disk duplication hardware is comprised of hardware and firmware and typically erases 40 to 60 disks at once. However, because it is so specialized, it often comes with a steeper price. In addition, the hardware only works with one type of disk, meaning different versions are required for each hardware type typically encountered, which may be cost prohibitive. Also, erasure reports may not be compatible with or uploadable to other systems.

In addition, disk duplication hardware can be quite large. If a customer would like loose drives erased on site, the hardware may not be efficiently transportable.

Commercial appliance with integrated data erasure software. Commercial appliances can offer a cost-effective and flexible method for erasing a variety of drives, as long as they are paired with software capable of erasing multiple drive types, like certified data erasure software. The appliance's size and drive support can be tailored to the organization's needs, creating a tower or a cabinet of multiple levels with different enclosures for the various drive types. With certified data erasure, administrators can simultaneously erase a variety of loose drive types, from PC drives to server disks and storage system drives, as well as full systems, such as PCs and servers, via the facility LAN (local area network).

Because this appliance's design is flexible, it can have a compact footprint to support customers who request on-site data erasure. In addition, a certified data erasure application can be executed over the facility's network, with erasure reports uploaded to a central console, for fast and flexible ITAD operations.

While this option can offer lower initial costs and more flexibility than disk duplication hardware, it also can present certain ongoing costs. The costs of software maintenance and support over time should be factored in the decision to purchase a commercial appliance with certified data erasure software.
 

The Common Denominator
In all but the larger, more cost-prohibitive disk duplication options, data erasure software is a key piece of the erasure puzzle. For DIY systems or tailored commercial appliances alike, selecting certified data erasure software can be critical to achieving the previously discussed efficiencies, such as centralized administration, detailed reporting, robust hardware support and sustainable operations. Not only does certified data erasure support erasure of loose drives, it also is used to erase full systems, ranging from PCs, laptops and servers to smartphones, printers and other equipment.

Certified data erasure software is the choice of many recyclers and ITADs because it is certified to all major government and industry standards and regulations. It automatically generates detailed reports that provide erasure proof for regulated industries and customers as well as details regarding disk health and attributes for resale purposes. These reports can be uploaded to a centralized system, as well as to asset management tracking systems, providing a unified process and unified reporting for all loose drives and systems processed.

Whether the drive comes from a laptop, server, cable box or various other equipment, it can be erased with certified data erasure software, which supports IDE (integrated drive electronics), PATA (parallel ATA), SATA, fiber channel, SCSI (small computer system interface) and many other drive types.

With such flexible software and a tailored commercial erasure appliance, recyclers can achieve the efficiencies and benefits of securing data on loose drives that suit their needs.


 

Markku Willgren is president of U.S. operations for Blancco, a provider of professional data erasure and computer reuse solutions. This feature first ran in the January issue of Recycling Today, a sister publication of Storage & Destruction Business.