Imagine dropping a hard drive into a trash can, and within a few seconds, being certain that the sensitive data it contained will be gone forever.
That's the promise of a new technology currently in development at L-3 Communications Corp., an IT services and security systems maker which has been researching the technology for more than a year. The new product, which researchers are calling a "data trash can," is about four to six months away from becoming a commercial product, according to engineers working on the project.
L-3's commercial technology, which might eventually be licensed and sold by another vendor, is an outgrowth of recently-published research by L-3 and the Georgia Institute of Technology on fast, comprehensive hard drive erasure. (See Researchers Find Technique to Quickly Erase Hard Drives.) Working on a method to help military agencies quickly destroy data in a combat zone, the Georgia Tech researchers have developed super-powerful permanent magnets that can penetrate hard-disk enclosures to quickly erase the data inside.
"It is basically a data trash can capable of erasing high coercivity media, even inside heavy gauge steel," says Michael Knotts, who leads the project for Georgia Tech. "The data on any magnetic media you throw into the device is rendered toast. It is completely unrecoverable, even given unlimited time and access to state-of-the-art forensic equipment."
In its current military form, the trash can is over 125 pounds and is designed to destroy data on large, combat-hardened hard drives in steel-protected caddies. But a smaller, lighter product that could be used on PCs and server drives, tapes, and other storage media is already in the works and could be ready before the end of the year, according to Jim Turner, senior staff engineer at L-3's ComCept division in Rockwall, Texas.
"It's definitely doable in a commercial form factor that would be competitive in price with other products that have been made for the same task -- in fact, it might be even a little less expensive," Turner says.
While the vendor isn't discussing exact pricing, comparable units run in the low five figures.
The problem of PC and server drive disposal has been a thorny one for years, giving rise to a whole range of technologies and services for overwriting, erasing, or physically destroying retired hard drives. However, specialists in computer forensics have often proven that, given enough time and technology, the data on the drives is often recoverable because it isn't sufficiently wiped out. In 2003, a group of MIT graduate students bought 158 hard disks on the used market; they were able to extricate data from all but 12 of them.
"That figure would probably be only about twice that today," says Adam Braunstein, senior research analyst at the Robert Frances Group. "Most enterprises still aren't doing enough to secure the data on retired drives. In fact, a lot of enterprises don't do anything -- they simply lock up their retired machines in storage when they're through with them, because they don't trust that the data will be safe if they send it out to be disposed of."
Enterprises today have two choices when it comes to disposing of old hard drives: do it themselves or get a third party to do it. As hard drives get larger, Braunstein observes, disk overwrites become increasingly time consuming. But third-party disposal services can also be very expensive, and there is often no way to positively ensure that the drives have truly been wiped clean and destroyed.
"Before you engage a third party to do your overwriting and disposal, you need to check them out very carefully," Braunstein explains.
But with the data trash can, an enterprise could potentially wipe their hard drives and other storage media clean before sending them out to be recycled, Turner observes. "I could even imagine a company coming around in a truck with a data trash can, and wiping out data the way some disposal companies shred your documents for you."
Technologies such as the data trash can are becoming increasingly important for many enterprises, not just because of the time and cost of hard drive erasure but because new regulatory requirements mandate the safe erasure and disposal of old storage media. "It's a part of the audit," Braunstein notes.
The data trash can could solve the problem by providing a low-cost, on-site disposal mechanism that is even more effective than a paper shredder. "Once it's been through the data trash can, it's garbage," says Turner. "At that point, data recovery is no longer possible."
Tim Wilson, Site Editor, Dark Reading