Shredding vs. degaussing: what do the security experts say?
One of the biggest challenges we face when we talk to people about degaussing is all the other ways they can destroy their hard drives. “Oh I just take my drives out back and smash ‘em with a hammer!” That’s all well and good, but someone could easily put those bits of smashed drive back together. “Well then I’ll just smash ‘em into more bits!” That won’t stop someone from reassembling the drive – and besides, isn’t your arm getting tired from all that smashing? “Okay then, I’ll use a shredder!” There’s the answer I was looking for: shredding.
Shreddy or not
For the longest time, shredding has been the go-to way to dispose of old hard drives. Break them apart into tiny pieces, and your data is destroyed. Seems simple enough, right? Except that your data isn’t actually destroyed, because that’s not how magnets work. Think of a hard drive like a jigsaw puzzle. You can write data magnetically to an area of the hard drive platter, just as you would print a picture on puzzle pieces. If you break that drive apart, just like breaking apart a jigsaw puzzle, the pieces are still there and they still contain the information written on them. “But a shredder breaks a drive into such tiny pieces, you could never put them back together!” I hear you cry. This may be the case for all but the most determined of data thieves, but that data IS still there even broken up into tiny bits. Looking at those pieces under an electron microscope will prove it.
Ensure you’re secure
But something else has come to my attention; something which renders shredding unviable for data destruction. For this, we must look to the data security experts – the National Security Agency, across the pond in the US. The NSA conducts rigorous tests on data destruction equipment like degaussers, shredders and software-based solutions. If anyone knows secure destruction, it’s them – so much so that the UK National Cyber Security Centre defers to the NSA for advice, So what do the NSA say about destroying hard drives? I’m glad you asked! According to NSA guidance, drives should be “sanitised” before they can be released. In other words, they should be cleansed of all data before anyone else gets their sticky hands on them. And there are only three surefire methods of sanitisation that the NSA recommend: using a degausser, incinerating the drives, or disintegrating them into powdery bits no larger than 2mm by 2mm. Most hard drive shredders won’t shred the drives down to this fine 2mm powder – so shredding does NOT meet the NSA guidelines.
With disintegration being impractical and incineration making a big toxic mess, the only viable option is degaussing. And what an option it is: no need to dismantle the drive, no need for hammers or blow torches or acid baths – simply stick the whole drive into the degaussing chamber and boom, instant total erasure. Degaussers are affordable and suited to office use, unlike industrial incinerators (you’re welcome to set up an incinerator in your office, but you might get some funny looks). Too many people are still falling into the shredder trap – there are other ways to wipe your old hard drives, people! Ways that are cheaper, cleaner, and most importantly, recommended by the highest authority.