[NBLUG/talk] OT: Bulk erasure

[Eric Eisenhart]

On Wed, Apr 02, 2003 at 05:58:46PM -0800, Sebastian wrote:
> That's around the neighborhood I was thinking, I guess. Not CIA-class
> security, but not a simple format either. Mostly I don't want a potential
> competitor to buy a used computer and find a salesperson's contact list
> sitting on the drive. We're not talking national security or anything, but
> confidential all the same :)

My opinion is that you fall into one of 2 camps:
1) Your security needs are low enough that a software-based erase is "good
   enough".  Just writing all zeros or all ones or random info to the media is
   "good enough".  Preferably at least one of each of those.
2) Your security needs are high enough that destroying the media is
   required.  A bulk eraser is pretty good, but disassembling the drives and
   applying a rotary sander is even better.

So, is your contact list really worth $10K to a competitor?  Would they be
able to (or have reason that they'd be able to) take that contact list and
be guaranteed to make over $10K?  (or have a 10% chance of making over
$100K, etc...)

There's no "100%" guarantee of security.  Evaluate the risks and respond
accordingly.  Too much mis-directed paranoia can hurt your security more
than it helps.  Take costs into account.  A bulk eraser makes more sense
than total destruction when volume is taken into account...  even companies
with bulk erasers are likely to destroy media entirely, as media is cheap,
long-lived and the next generation is always bigger.

Most real-world examples of undesired data recovery come down to not even
bothering to delete the files at all in the first place.  Not "oh, they
deleted them but our fancy software undeleted them", but "we found the
files sitting there and checked them out."
-- 
Eric Eisenhart
NBLUG Co-Founder & Vice-President Pro Tempore
The North Bay Linux Users Group
http://nblug.org/
eric at nblug.org, IRC: Freiheit at freenode, AIM: falschfreiheit, ICQ: 48217244