The Disk Cleaning & Sanitization issue:

Recently a growing number of customers have been asking us to help them SANITIZE their disks after they retire their storage equipment. We do this with our proprietary solution for a daily on site rate, because we can never tell going in how many hours it will take to cleanse all the disks in the FC arrays. I hope to have a forum on this during the next Disaster Recovery conference, because I am not the only one who considers the possibility of private data getting into the wrong hands a disaster!

The Wikipedia actually has very good summary of the problem and this piece is really interesting to many customers we speak with:

The bad track problem

A compromise of sensitive data may occur if media is released when an addressable segment of a storage device (such as unusable or “bad” tracks in a disk drive or inter-record gaps in tapes) is not receptive to an overwrite. As an example, a disk platter may develop unusable tracks or sectors; however, sensitive data may have been previously recorded in these areas. It may be difficult to overwrite these unusable tracks. Before sensitive information is written to a disk, all unusable tracks, sectors, or blocks should be identified (mapped). During the life cycle of a disk, additional unusable areas may be identified. If this occurs and these tracks cannot be overwritten, then sensitive information may remain on these tracks. In this case, overwriting is not an acceptable purging method and the media should be degaussed or destroyed.

Here are two links that address the issues :
http://www.hipaadvisory.com/tech/disksan.htm
http://en.wikipedia.org/wiki/Data_remanence

What is your corporate policy on excess equipment and disk sanitization?

This entry was posted in Uncategorized. Bookmark the permalink.