The Hidden Vulnerabilities of Hard Drive Overwriting

June 27th, 2017

If you were hiring a contractor to build your house, what would you want to know before you made your decision?  You’d ask for customer references, BBB complaints, insurance coverage and the background of the company.  You wouldn’t ask what brands of tools they use or how many miles they have to drive to the work site.  So, when hiring a contractor to assure decommissioned drives are secure, why do so many professionals base their decision on the type of overwriting software or the number of passes used? There are far more concerning vulnerabilities that need to be considered.

First, there are software vulnerabilities.  We have all read more than one whitepaper on how software reported it had successfully wiped the drive, only to later discover there was still data on it or the drive had not been wiped at all.  We should not blindly trust that the software has done its job.  Software vendors try to overcome this concern by touting the results from third-party certification labs.  But we need to keep in mind that those tests are run under a specific set of test conditions. When conducted in your environment they may not always produce the same result.

Second, there are media-handling vulnerabilities.  Do you run your sanitization process over multiple shifts?  Do you have multiple people handling the media?  Is it a long, repetitive, and error-prone process where it would be easy for a decommissioned drive to be placed in the wrong pile and be considered successfully wiped when it never made it into the process in the first place?

Third, there are hardware vulnerabilities.  The most difficult vulnerability to diagnose is a hardware error.  Hardware errors can occur with the drive, the controller, the host computer or even the enclosure.  Intermittent hardware errors are impossible to catch.  How will you ever know if a few connector pins are intermittently connecting to some drives and not others?

Does your organization know how many times any of the above has occurred?  Do you have a robust enough process to detect these failures?  What is the risk of a breach versus the benefit of overwriting and recycling the drive?  A violation of HIPAA can reach up to $250,000 and 10 years in prison for each act.  A violation of the Gramm-Leach-Bliley Act can reach up to $100,000 for each act.
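For teams that do overwrite drives, one way to detect the first two failure modes is to reconcile the decommission inventory against the wipe tool's log and read every "successful" drive back independently. The sketch below is an added example, not part of the original article or any vendor's tool; the serial numbers, the log record layout and the zero-fill pattern are assumptions, and the sample images are constructed.

```python
import tempfile

CHUNK = 1024 * 1024  # read back 1 MiB at a time

def first_residue(path, fill=0):
    """Read the device/image back; return offset of first non-fill byte, or None."""
    offset = 0
    with open(path, "rb") as dev:
        while chunk := dev.read(CHUNK):
            rest = chunk.lstrip(bytes([fill]))  # strip leading fill bytes
            if rest:
                return offset + len(chunk) - len(rest)
            offset += len(chunk)
    if offset == 0:
        raise OSError("nothing could be read back")
    return None

def reconcile(inventory, wipe_log):
    """Flag every inventoried drive that cannot be shown to be clean."""
    findings = {}
    for serial in sorted(inventory):
        rec = wipe_log.get(serial)  # assumed layout: {"reported": ..., "path": ...}
        if rec is None:
            findings[serial] = "no wipe record: never entered the process"
        elif rec["reported"] != "success":
            findings[serial] = "tool reported failure"
        else:
            try:
                residue = first_residue(rec["path"])
            except OSError:
                findings[serial] = "readback failed: check drive, controller, cabling"
                continue
            if residue is not None:
                findings[serial] = f"reported success but data remains at byte {residue}"
    return findings

def demo():
    """Constructed sample: image files stand in for three decommissioned drives."""
    def image(data):
        with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as f:
            f.write(data)
        return f.name
    inventory = {"SN-A", "SN-B", "SN-C"}  # SN-C went to the "done" pile unwiped
    dirty = bytes(2048) + b"patient record" + bytes(2034)
    wipe_log = {"SN-A": {"reported": "success", "path": image(bytes(4096))},
                "SN-B": {"reported": "success", "path": image(dirty)}}
    return reconcile(inventory, wipe_log)

if __name__ == "__main__":
    print(demo())
```

A clean readback only shows that the sectors the host can address hold the fill pattern at that moment; it does not rule out the intermittent hardware errors described above.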

The most secure way to destroy a decommissioned drive is to have it physically destroyed by a NAID certified company.  No more worries about the software or hardware of an overwrite process not working.  No more worries about misplacing a drive in the done pile by mistake.  With SHREDDING, it’s either in pieces or it’s not.

So, back to our home builder contractor analogy.  At SHRED RIGHT, not only are we AAA NAID certified to perform data destruction, we have years of satisfied customer references to back it up.  We have made a name for ourselves by having not just the RIGHT equipment but also the RIGHT process and procedures in place to protect both you and your data. Want to know more? Give us a call and we’re happy to help.

