Categories
Blog Data Erasure

The 3 Types of Disk Wiping Software

Many organizations use overwrite-based disk wiping software before reuse and disposal of old disks and PCs since it is secure, eco-friendly, and cost-effective. In addition to their fundamental requirement of adopting global standard overwrite algorithms and their compatibility with various disk types, disk wiping solutions have begun to place more emphasis on management with features such as remote deployment, remote wiping, and detailed logging and reporting.

CD/USB Type

In order to wipe entire system disks, including the operating system (OS), traditional existing solutions need to load an additional because the wiping program cannot wipe its own OS. Often referred to as a CD/USB type, this type requires that a USB or CD that has been loaded with the wiping software and the additional OS be inserted into the machine and the booting priority be reordered in the BIOS so that the additional OS will run instead of the system OS. After doing so, the wiping program will be booted from the additional OS and will be able to erase the system disk OS.

Many disk wiping solution vendors offer this type of solution because it can be used in multiple situations such as when the machines are offline or do not have a working OS. But, typically, this type of solution is used by specialists since there are some required procedures such as BIOS setup, algorithm selection, and amount of overwrites selection which may be difficult for the average user. It has been common practice for companies to gather decommissioned PCs into a separate storage space, usually located with an in-house security team or with a 3rd party service company, for a certain period of time before a specialist would individually wipe all of the collected disks. The CD/USB type was purposed for this type of situation but there are concerns that data might be left vulnerable since the disks and computers are left unwiped while in storage or when transporting them.

EXE Type

More recently, vendors such as Blancco, WipeDrive, and Bluestsoft have begun offering wiping solutions that can be launched via EXE file. These types of solutions can be convenient since they do not require any additional booting device or BIOS setup. When the exe file is launched, the ISO file would be saved to the local disk and would register the additional OS to the boot file (boot.ini). By doing so, once the computer has been rebooted, the boot manager would be launched allowing the user to choose to boot the additional OS. Once selected, the wiping process would begin. Though the process is similar to the CD/USB type since the booting device is replaced with an ISO file, it can allow the specialist to wipe disks remotely before moving it to storage or for permanent disposal. However, this process can still be troublesome since each PC needs to be individually granted administrator rights in order to download, install, and run the exe file as well as instruct the user how to use the boot manager and which wiping type and settings to be used.

With both the EXE and CD/USB types, Windows PE and Linux are widely used as the additional OS. For Windows PE, this may be partly because of the familiarity of the Windows system. But if Windows PE is used as the additional OS, there are a couple of limitations due to Microsoft license policy which would require end-users to have to integrate Windows PE with the wiping software themselves and the OS would restart itself every 72 hours. Linux is a fairly unfamiliar OS for the average user. Also, both of these additional operating systems require the installation of additional drivers in order to make it possible to detect and recognize RAID systems. Overall, the limitations of the additional operating systems themselves can result in many inconveniences as well.

Native Type

SECUDRIVE has recently launched a new method of disk wiping, referred to as the Native type. This type makes it possible to wipe the entire disk, including the OS, without any additional OS or booting device. This type keeps the existing OS and uses native API to launch the wiping process before the Windows API is activated. There are no limitations due to licensing policies of OS vendors and disk systems, including RAIDs, can be recognized without any driver installation. The administrator can preset the wiping algorithm and number of overwrites according to their corporate security policy. Users can then download the wiping client and wipe their entire disk with the click of a button. Alternatively, the administrator can even forcibly wipe target disks remotely after deploying an MSI file to the users’ PCs using Active Directory’s Group Policy (GPO). A manager can monitor the wiping process in real-time and can then check the detailed log and report prior to transporting the PC. This will make it possible to wipe PCs effortlessly and immediately, before moving them into storage or for permanent disposal.

The traditional disk wiping process where decommissioned PCs are sent to storage to be wiped collectively at a later time needs to be changed. In terms of security, it is extremely risky to move unwiped, ownerless PCs to storage and leave them there for an extended period of time to collect dust. But now, a security manager can remotely wipe hundreds of disks simultaneously without moving them from their original location, all from the comfort of their own chair. They can monitor the wiping events through the network and then gather detailed logs and reports once the wiping process has finished. Undoubtedly, the native type would be the most secure and most convenient for corporate disk wiping.

Categories
NEWS News Letter Notice Press Release

SECUDRIVE Sanitizer Enterprise Released

SAN JOSE, Calif., Jan. 12, 2015 -Brainzsquare has launched SECUDRIVE Sanitizer Enterprise, an integrated disk wiping management solution that has been catered for enterprise environments. SECUDRIVE Sanitizer Enterprise (SE) makes it possible to manage the wiping process of disks may be widely spread or in remote locations, making it an effective solution for disposing or reusing old computers and hard drives.

By using SE, users are able to initiate the wiping process for specific disks via download. The process has been streamlined and provides a one-click wiping system. Once users download the software to their computer, they launch the program, select the disk they would like to wipe and click start. The administrator can preset the wiping algorithm and wiping policy for user-activated wiping which will wipe all data including the OS. Meanwhile, the administrator can monitor the process once the wiping begins from the management console. Aside from user-activated wiping, the administrator can also forcibly wipe entire computers without having to grant users administrative rights through remote deployment. All logs and reports which include detailed PC and disk information can be gathered once the wiping process has finished.

SE utilizes various military grade algorithms such as Department of Defense (DoD 5220.22-M) and Gutmann algorithms which can overwrite the data up to thirty-five times. Various disk types such as ATA/IDE, SATA, SCSI, USB, and firewire can all be wiped as well. Unlike many similar wiping solutions, SE ditches the overly complicated interface by not requiring any additional BiOS or OS setup, having the ability to launch straight from Windows and allowing for simultaneous wiping of hundreds of disks.

“It is important to wipe disks immediately after they have been decommissioned. When old drives and computers are sent to storage or outsourced to a disk destruction services, they are at their most vulnerable state. We believe that our product makes it possible to wipe disks the instant they are no longer being used. The user or administrator can activate the wiping process with just one click before leaving the office and have a completely wiped drive the next morning, ready to be moved to storage or transported elsewhere. It is incredibly easy to use and the entire process is managed and monitored as well,” stated Simon Kang, CEO of Brainzsquare.

Categories
Blog Data Erasure

3 Ways to Securely Destroy Data and their Associated Pains

Before disposing or reusing old company computers, it is imperative that data be securely destroyed in order to prevent leakage of corporate information. It is common knowledge that the computer’s deletion function as well as formatting does not completely wipe data. Most companies utilize one of these three methods for securely destroying data: Overwriting, degaussing, and physical destruction.

Overwrite

Disk overwriting is a data destruction method that uses software to overwrite data a certain amount of times using a specific number (such as “0”) or a series of randomly generated characters. Many of these solutions utilizes global standard algorithms such as DoD 5220.22-M or Guttman which can overwrite the area multiple times.

This solution are generally difficult for the average user because it often requires some sort of setup at the system level usually via a BiOS setup and an additional booting device (usually a USB or CD). Disk overwriting is seen as a secure, eco-friendly, and cost effective way to wipe data since drives can be reused in a safe manner. There is no need to remove disks from their machines but disk overwriting usually takes hours to complete. Also, the only visual confirmation of deletion is the log or report that is generated after the wiping has complete.

The solutions vary from freeware all the way up to enterprise-class solutions and the recommended solution and algorithm may differ according to how important or confidential the stored data may be.

Deguassing

Deguassing is the process of decreasing or eliminating the magnetic field on storage media. This process is incredibly fast as it takes less than a minute per hard drive. Generally, the disks have to be removed from the machine and hand fed into the degausser and the disks cannot be reused afterwards.

Degaussers can be fairly expensive with prices ranging from 10,000 USD to almost 100,000 USD. It is important to make sure that the degausser is always functioning properly or it could potential pose a security risk because feedback from the machine is the only way to discern whether to the process has been completed since there is not physical change on the disk.

Physical Destruction

Physically destroying the hard drives by using a hammer, a punching machine, or an industrial shredder is probably the most secure and sure-fire way of destroying data. The destruction process can be seen firsthand unlike in the degausser and disk overwriting methods.
Drives must be physically removed from the machine and cannot be reused afterwards. A dedicated and possibly separated space may be required since some of the machines can be fairly large and disruptive to an office environment.

Outsourcing Woes

Many companies actually outsource the secure data destruction process to third-party companies because of the associated manual labor and since it is likely not a part of their core business. Companies would rather not want to spend time, human capital, and physical space requirements to perform the data deletion if possible.

Meanwhile, companies that opt to use a third-party service can often be left feeling anxious or concerned that disks may be missed during transport or during the destruction process. In order to relieve some of the anxiety, some data destruction services will provide pictures or videos of the process and other may even provide destruction services onsite and then ship the destroyed drives out from the office for disposal.

It seems that companies tend to prefer degaussing or physical destruction in comparison to disk overwriting, despite overwriting being acceptable in most cases. This trend is most likely attributed to the definitiveness and speed of destruction. But, generally, drives can be left vulnerable during transport and it is safest to perform the data destruction without ever having to move a machine if possible.

Hybrid method

Recently, some companies have adopted a hybrid data destruction method where they combine overwriting and physical destruction. Drives would be overwritten without having to remove or move them, and detailed logs and reports can be generated. Then, the drives could either be reused or sent to an outsourced data destruction service for safe disposal. Companies can actually reduce the associated risks of using a third-party data destruction service, effectively destroy data while still being able to possibly reuse or recycle old drives and computers. The “hybrid method” is probably the most secure and eco-friendly of them all.