Question: How should I securely destroy/discard my devices?

Kurtis Minder, CEO of GroupSense: Companies often wish to dispose of depreciated technology assets. Given the amount of sensitive data on many of these devices, data destruction is an important part of the disposal process. There are several methods to data instruction, including formatting, degaussing the drives with a magnetic field, and, of course, physical destruction of the device or drive.

While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious. Even so, some organizations have data residency or extreme circumstances requiring on-site destruction. Some companies provide solutions to facilitate in-house destruction, while IT asset disposition (ITAD) providers often offer on-site destruction at a higher cost. Destruction of storage devices at a remote facility is typically charged by the pound and can be in the 75-cents range. On-site destruction of digital media by an ITAD can cost up to $150 per device.

It is important to make sure the firm you choose is diligent about data destruction, following NIST 800-88 guidelines and utilizing the three-pass wipe method, which first writes zeros to the drive, then validates pass one was successful, and lastly writes random data over the zeros. NIST 800-88, which was adopted in 2006 with the mission of creating guidelines for data sanitization, was updated recently to reflect new media types, similar to the flash storage found on the new mobile phones. 

Related Content:

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.