In the previous post, we discussed some common misconceptions about data erasure, which is a top priority for most organizations that deal with the disposition of their IT assets. We found that performing data erasure internally—using your organization’s own staff and resources—is not always the least expensive, most secure way to handle it. Here are five more myths to consider as you plan to optimize your organization’s IT asset disposition program:

 Myth #6: “I destroy all my drives to be secure.”

Truth: All the major standards organizations accept proper data erasure as equal to the physical destructions of drives. IT assets without hard drives lose about 20 to 30 percent of their remarket value. On the other hand, erasure does cost money, so erasing data from equipment that won’t have resale value is a waste. One method—erasure or destruction—does not fit all the possible disposition scenarios. A good ITAD vendor can help you analyze the different factors and create a plan that balances remarket value with risk and security.

Myth #7: “Solid state drives (SSDs) cannot be erased.”

Truth: Solid state drives have become a popular alternative to magnetic drives. Although they appear to operate the same as magnetic drives, their underlying technology is quite different. Some believe data can never be fully erased from solid state drives. However, experts at the University of California, San Diego Department of Computer Science and Engineering Non Volatile Systems Laboratory (NVSL) have found that performing Secure Erase and software based sanitization together can  be effective for erasing readable data on these drives.

Myth #8: “I erased the drives, so I’m covered.”

Truth: Simply believing data has been erased from retired equipment at some point is not enough to give IT managers peace of mind. Where is the equipment stored prior to erasure and where does it go after? Without a documented process and a clear chain of custody, there is risk equipment with data that hasn’t been erased can slip through the cracks in the process and into the outside world. A well-documented disposition process is a necessity for any organization that is concerned about data security.

Myth #9: “The standard for data erasure is DoD (Department of Defense), three-pass or seven-pass.”

Truth: The Department of Defense standard for data erasure, DoD 5220.22-m, often referred to in the industry as simply “DoD,” has been surpassed. The latest U.S. government standard, developed by the National Institute of Standards and Technology and Homeland Security, is NIST 800-88. The previous DoD requirement of 3 passes is effective.  However,experts say, modern drives are much more accurate writing than drives from 20 years ago, and really require only one pass to sanitize all data.

Let us know what you believe to be myth or truth about data erasure and security?