Re: Physical HDD destruction

["Perry, Jeff" <perry () KU EDU>]

We have two different degausser that we use in-house.  One is small and very fast (10 seconds) for one off drives/tapes 
(but packs a 9,000 Oe punch).  The other is a larger system that can do physically large media (old drives, tape, whole 
laptops) or a large number of drives all at once that we use for batch processing.

We were concerned with space requirements and noise so we opted to go the degausser route over shredders.

Make sure if you consider degaussers that you get one that:

a.)    Is commonly bought and used by high compliance organizations (Government, Banking Industry, Health Care)

b.)    Has a very high magnetic field rating as some modern media is incredibly resistant to mag fields (i.e. you can't 
pass an old VHS eraser magnet over them)

c.)     Has a good duty cycle as some of cheaper brands/models take 10+ minutes to charge up between cycles

d.)    Has a good warranty/maintenance contract (they tend to beat themselves up over time as there is almost always 
some ferrous metal attached to the drives that can't be easily removed)

We've been very happy with Garner Products and have some units that have been in use for years and have done thousands 
and thousands of cycles.
http://www.garner-products.com/

As an aside we handle all e-waste pickups internally.  One of the critical success factors for us was to make it very 
simple for our departments to "do it right" without introducing undo risk.  We (IT) pickup the equipment at a scheduled 
time free of charge, sign for custody/University Asset Disposal Forms, and we transport and dismantle the system in a 
very secure location and immediately pass the drive through a degassuer.  The drive can then sit until we have enough 
to schedule a pickup with our ewaste recycler.

We do have an alternate path that allows for departments to wipe the disks and reuse them under certain situations 
(based on data classification) using an approved tool but we've found that due to MTBF ratings and cost it's typically 
more cost effective to destroy the drive unless it's very new (labor is expensive).

Cheers,
Jeff Perry

--------------------------------------------
Jeff Perry, CISSP
Deputy Technology Officer
Information Technology
The University of Kansas
Direct +1 785-864-0489
Fax    +1 785-864-0485
Email perry () ku edu<mailto:perry () ku edu>
--------------------------------------------




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matt 
Marmet
Sent: Tuesday, March 20, 2012 1:17 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Physical HDD destruction

Good day Everyone,

Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about 
200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We 
have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this 
type of work. What are other institutions using to destroy HDDs securely and safely?

Regards,

Matt

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528<tel:%28912%29%20344-3528>
Cell:  (912) 414-0684<tel:%28912%29%20414-0684>

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide 
your password - it is a SCAM.

******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your
username and password via Email. Don't respond to any requests for
this information ******

"The lesson here is that anything that holds any data of any value must be protected."