Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

How Should I Securely Destroy/Discard My Devices?

While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.

Kurtis Minder, Co-Founder & CEO, GroupSense

August 3, 2020

2 Min Read

Question: How should I securely destroy/discard my devices?

Kurtis Minder, CEO of GroupSense: Companies often wish to dispose of depreciated technology assets. Given the amount of sensitive data on many of these devices, data destruction is an important part of the disposal process. There are several methods to data instruction, including formatting, degaussing the drives with a magnetic field, and, of course, physical destruction of the device or drive.

While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious. Even so, some organizations have data residency or extreme circumstances requiring on-site destruction. Some companies provide solutions to facilitate in-house destruction, while IT asset disposition (ITAD) providers often offer on-site destruction at a higher cost. Destruction of storage devices at a remote facility is typically charged by the pound and can be in the 75-cents range. On-site destruction of digital media by an ITAD can cost up to $150 per device.

It is important to make sure the firm you choose is diligent about data destruction, following NIST 800-88 guidelines and utilizing the three-pass wipe method, which first writes zeros to the drive, then validates pass one was successful, and lastly writes random data over the zeros. NIST 800-88, which was adopted in 2006 with the mission of creating guidelines for data sanitization, was updated recently to reflect new media types, similar to the flash storage found on the new mobile phones. 

Related Content:



Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

About the Author(s)

Kurtis Minder

Co-Founder & CEO, GroupSense

Kurtis Minder is the Co-Founder and CEO of GroupSense where he leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. He has more than 20 years of experience in roles spanning operations, design, and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix), and Fortinet (IPO). Minder is also a world-renowned ransomware negotiator and was recently profiled in The New Yorker for his work. He has been featured in the media across four continents and has recently been on CNN, The BBC, and CBS, and featured in publications such as Reuters, The Wall Street Journal, The New York Times, Fortune, and The Washington Post about ransomware.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights