It is best to obliterate sensitive hard disk data at the time you discard the files. File shredder programs (use any search engine with keywords "file shredder program review" for plenty of suggestions) can substitute for the normal delete function or wastebasket.
These tools overwrite the contents of a file to be discarded before deleting it with the operating system. However, a single-pass shredder may allow data to be recovered using special equipment; to make data recovery impossible, use military-grade obliteration that uses seven passes of random data.
Unfortunately, even shredder programs may not solve the problem for extremely sensitive data. Because file systems generally allocate space in a whole number of clusters, an end-of-file that falls anywhere short of the end of a cluster leaves "slack space" between the EOF and the end of the cluster. The file system does not normally overwrite slack space, so it is extremely difficult to get rid of these fragments unless you use shredder programs that specifically take this problem into account.
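To make the multi-pass overwrite and the slack-space problem concrete, here is an added Python sketch (not taken from any product mentioned in this article) that overwrites a file with random data out to the end of its last cluster before deleting it. The function names, the 4096-byte default cluster size and the seven-pass default are assumptions for illustration; use the cluster size your file system actually reports.

```python
import os
import secrets


def slack_bytes(file_size: int, cluster_size: int) -> int:
    """Bytes between end-of-file and the end of the file's last cluster."""
    remainder = file_size % cluster_size
    return 0 if remainder == 0 else cluster_size - remainder


def shred_file(path: str, passes: int = 7, cluster_size: int = 4096,
               delete: bool = True) -> int:
    """Overwrite a file and its slack space with random data.

    Returns the number of bytes written per pass, i.e. the file size
    rounded up to a whole number of clusters. cluster_size is an
    assumed value, not one queried from the file system.
    """
    original_size = os.path.getsize(path)
    padded_size = original_size + slack_bytes(original_size, cluster_size)

    # "r+b" opens the file without truncating it, so the clusters that
    # already hold the sensitive data are the ones being rewritten.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = padded_size
            while remaining > 0:
                chunk = min(remaining, 1 << 20)  # write at most 1 MiB at a time
                f.write(secrets.token_bytes(chunk))
                remaining -= chunk
            # Force this pass out to the device before the next one starts.
            f.flush()
            os.fsync(f.fileno())
        # Restore the logical length; the slack area was covered by the passes.
        f.truncate(original_size)
        f.flush()
        os.fsync(f.fileno())

    if delete:
        os.remove(path)
    return padded_size
```

Overwriting in place only reaches the original clusters when the storage rewrites blocks where they sit; on SSDs and on journaling or copy-on-write file systems the old data may survive elsewhere on the device.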
One tool that is used by the U.S. Department of Defense for wiping disks is CleanDrive: http://www.whitecanyon.com/cleandrive_main_fdisk.htm
The documentation specifies that the product genuinely wipes all data from a hard drive, regardless of operating system and format. The tool can even be run from a boot disk. It is licensed to individual technicians rather than to specific PCs, thus making it ideal for corporate use. (I have no involvement with CleanDrive or its makers, and this reference does not constitute an endorsement.)
File shredder programs are a double-edged sword. They allow honest employees to obliterate company-confidential data from disks, but they also allow dishonest employees to obliterate incriminating information from disks. One program review includes the words, "The program's even got a trial copy you can download for free. So try it out and get those... ummm... errr... personal files off your work PC before the boss sends his computer gurus out to check your machine." This advice is clearly not directed at system administrators or to honest employees.
Telling the difference between the good guys and the bad guys is a management issue and has been discussed in previous articles published in this newsletter. However, as a precaution, I recommend that corporate policies specifically forbid the installation of file-shredder programs on corporate systems without authorization.
One quick note about magnetic tapes: Beware the scratch tape. In older environments where batch processing still uses tapes as intermediate storage space during jobs, it is customary to have a rack of "scratch" tapes that can be used on demand by any application or job. There have been documented cases in which data thieves regularly read scratch tapes to scavenge leftover data from competitors or for industrial espionage. Scratch tapes should be erased before being re-used.
As for broken or obsolete magnetic media, such as worn-out diskettes, used-up magnetic tapes and dead disk drives, the worst thing to do is just to throw this stuff into the regular garbage.
Security experts recommend physical destruction of such media using band saws, industrial incineration services capable of handling potentially toxic emissions, and even sledgehammers.
In conclusion, all of us need to think about the data residues that are exposed to scavengers. Whether you work in a mainframe shop or a PC environment, whether your organization is a university or a vulture capitalist firm, it's hard to carrion when data scavengers steal our secrets.