Wednesday, July 2, 2008

The key to data wiping

You've just spent the last of the financial year's budget on new computers. Fantastic. And you might even donate your old computers to charity, or sell them on eBay. But what about the data stored on them? You may need to get rid of it before you get rid of the computers.

Adrian Briscoe, General Manager Asia Pacific, Kroll Ontrack, a data recovery company, advises businesses and individuals to be cautious when discarding old hardware with proprietary information.

A test of three PC workstations and two servers purchased by Kroll Ontrack on eBay found that, while all the hardware had been subjected to some type of data erasing, three units had a combined total of approximately 70GB of data ranging from Excel, Lotus 1-2-3, image files and back-up archives. "Take care to delete data properly," says Mr Briscoe, "and not just by using the format command on your computer. You need to erase the hard drive to a certain standard."Bill Taylor-Mountford, general manager of Acronis, a company that provides storage management and disaster recovery software, agrees."Deleting data leaves a fingerprint, or a ghosted image. With the right tools, specialists can recover the data after it has been deleted.

That's why some software-wiping algorithms use 35 passes to destroy data."Mr Briscoe says any device that has information presents some risk to organisations, and needs to be wiped permanently. "The erasing process will take anywhere from half an hour to half a day. Nobody considers buying a PC without having antivirus software. Why not run erasing software as part of the process at the end of the computer's life cycle?"But is just deleting your data every time you get rid of computers the smartest thing to do? What if you have 1000 computers to get rid of?

Wiping everything may take up more time, energy and money than it's worth, says Milton Baar, director of IT Security consultants The Swoose Partnership, and committee member of Standards Australia IT 12/4, which represents Australia for ISO27001, the international standard for information security management."Organisations should start a thousand miles earlier than end of financial year," says MrBaar. "They need corporate governance practices, which cover information security issues.

Organisations should understand what information they have on their computers and have control of it, rather than just wiping everything when they get rid of the equipment."

1 comment:

RichardSmith said...

You have really summarized in great details about the importance of Certification of ISO 27001 Consultant Standard and how it is widely becoming the choice of many organizations.Really informative review.Thanks for this.Information Security Foundation based on ISO/IEC 27002 Certification in Dubai