Main Nav

Good day Everyone,

 

Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about 200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this type of work. What are other institutions using to destroy HDDs securely and safely?

 

Regards,

 

Matt

 

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

 

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.


******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your

username and password via Email. Don't respond to any requests for
this information ******

 

"The lesson here is that anything that holds any data of any value must be protected."

 

Comments

On 03/20/2012 02:17 PM, Matt Marmet wrote: > Good day Everyone, > > Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about > 200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We > have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this type > of work. What are other institutions using to destroy HDDs securely and safely? > > Regards, > > Matt Hi Matt, We have a technician who enjoys disassembling them (while waiting for software to load, etc...). Physically mangling the platters (sometimes they shatter; watch out!) seems sufficient and then we just dispose of the trash. And we get the benefit of a bunch of cool magnets to play with (some of them are strong enough to be almost dangerous) at the end of the process. Our volume is in the dozens, not hundreds, but all in all, it didn't really take him that long to work through a rather large box of them last year. be well, ~c > > --- > Matt Marmet > Director of IT Security, CISO > Armstrong Atlantic State University > 11935 Abercorn Street > Savannah, GA 31419 > Desk: (912) 344-3528 > Cell: (912) 414-0684 > > Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your > password - it is a SCAM. > > > ******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your > > username and password via Email. Don't respond to any requests for > this information ****** > > "The lesson here is that anything that holds any data of any value must be protected." >

We have contracted with a company for data destruction. This includes HDDs, flash drives, and paper.

 

Ben Pratt

St. Cloud State University

 

Matt,

Our contract for paper shredding includes media shredding.  The bins look identical but are labelled specifically for hard drives, magnetic tape cartridges and CDs/DVDs.  The vendor has a truck that visits the campus periodically, empties the receptacles and shreds the media on site. One of our facilities folks accompanies the vendor's representative to each receptacle and then witnesses the destruction of both paper and media.  If you wish to know more, drop me a line.

Clifford A. Collins
Information Security Officer
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"

From: "Matt Marmet" <matt.marmet@ARMSTRONG.EDU>
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, March 20, 2012 2:17:09 PM
Subject: [SECURITY] Physical HDD destruction

Good day Everyone,

 

Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about 200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this type of work. What are other institutions using to destroy HDDs securely and safely?

 

Regards,

 

Matt

 

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

 

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.


******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your

username and password via Email. Don't respond to any requests for
this information ******

 

"The lesson here is that anything that holds any data of any value must be protected."

 

Electromagnetic degaussing which sanitizes the disk and destroys the drive.

 

Doug

 

Doug Streit, CISSP

Director, Information Security

Information Security Officer

OCCS Old Dominion University

4700 Elkhorn Avenue, Suite 4300

Norfolk, Virginia 23529

757-683-5424  jstreit@odu.edu

 

 

We are currently using a press to crush the drives. Previously, I have also used hard drive duplicators to zero out / DoD wipe multiple drives at once.  

Dan Han
Information Security Officer
Virginia Commonwealth University
Office: (804) 828 -1015

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information.  For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.




From:        Matt Marmet <matt.marmet@ARMSTRONG.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU
Date:        03/20/2012 02:18 PM
Subject:        [SECURITY] Physical HDD destruction
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



Good day Everyone,
 
Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about 200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this type of work. What are other institutions using to destroy HDDs securely and safely?
 
Regards,
 
Matt
 
---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684
 
Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.

******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your
username and password via Email. Don't respond to any requests for
this information ******
 
"The lesson here is that anything that holds any data of any value must be protected."
 

Dan,

 

Would you know the manufacturer of the press? And are you happy with it?

 

Matt

 

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

 

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.


******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your

username and password via Email. Don't respond to any requests for
this information ******

 

"The lesson here is that anything that holds any data of any value must be protected."

 

I’ve heard that the next version of SpinRight from Gibson Research is going to include a disk-wiper.  Steve Gibson appears to know his stuff, so I’m not entirely skeptical that a software solution isn’t a bad idea (how’s that for a quadruple-negative!?) .. ie I’m inclined to believe it would work.  Right now, our students take a hammer, drill, et al to the drives.  If the drives can be safely (both from digital and physical-safety perspectives) wiped and recycled, isn’t that a better thing?

 

-Brian Helman

 

Here is one company I know of.  I don’t own the product, but I’ve seen it a few times.

http://www.edrsolutions.com/solution.asp

 

D/C

 

Message from craig.edgmand@okstate.edu

We use the EDR hard drive crusher.  It works like a champ, we have crushed over 4000 drives without any problems.

For large requests (over 200 at a time) we can take them to a state facility to have them shredded.

Craig Edgmand

Lead Security Engineer at Oklahoma State University

We also contract with a company that securely destroys hard drives.

 

_______________________

Jim Taylor

Information Security Officer (ISO)

Missouri State University

417-836-5226

 

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

 

We are currently using a large, industrial shredder:  no part of the hard drive (or other devices) is more than a few millimeters in size on the output side.

On 3/20/2012 2:17 PM, Matt Marmet wrote:

Good day Everyone,

 

Here at Armstrong, we have a couple hundred hard drives that we have to physically disable/destroy. We also have about 200 hard drives per year that our desktop support staff recover from old machines that need to be destroyed as well. We have seen some of the hydraulic electric presses that are enclosed as well as manual presses that are made for this type of work. What are other institutions using to destroy HDDs securely and safely?

 

Regards,

 

Matt

 

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

 

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.


******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your

username and password via Email. Don't respond to any requests for
this information ******

 

"The lesson here is that anything that holds any data of any value must be protected."

 



Matt,

Our press is made by Verity Systems, and I am fairly happy with it. The only complaint I have is that our model can only crush one drive at a time.

-Dan




We, too, use a shredder. 

 

We looked at commercial companies, and the nice thing there was that they would handle the destruction and the “green” disposal of the leftovers – all under a secure handling model.  But – what we found out was that – in the long run – we could do the same destruction, *and* wound up finding 2-3 other recyclers that actually got in to a bidding war to buy the ground up leftovers that came out of the shredder.  Granted – it wasn’t a lot, but we now have a destruction process that is very secure and controlled – and we can be green by disposing of the materials with an approved recycler……

 

M

 

Message from chickernell@clarion.edu

Our Helpdesk has a SEM 0101 Sledgehammer Hard Drive Crusher for destruction.  It only does one drive at a time, but it is convenient and easy to use.  When the technician pulls-out a drive, he can turn around and destroy it—no risks surrounding boxes/stacks of hard drive laying around with sensitive data on them waiting to be destroyed -- or stolen.  This is not a good solution for bulk processing of hundreds of hard drives, but good for continuous use and small batches, then there is never a need to outsource the destruction.

 

Christopher Hickernell, CCNA, MCSE

Network Support Specialist, ResNet Manager

Clarion University of Pennsylvania

Center for Computing Services

G-13 Still Hall, Clarion, PA 16214

chickernell@clarion.edu | 814.393.2218

 

“To be a long-term success, you have to have failures.  People who are working near their limit make mistakes and take risk.”

~Gerry McCartney, Purdue University

 

 

We have two different degausser that we use in-house.  One is small and very fast (10 seconds) for one off drives/tapes (but packs a 9,000 Oe punch).  The other is a larger system that can do physically large media (old drives, tape, whole laptops) or a large number of drives all at once that we use for batch processing.

 

We were concerned with space requirements and noise so we opted to go the degausser route over shredders. 

 

Make sure if you consider degaussers that you get one that:

a.)    Is commonly bought and used by high compliance organizations (Government, Banking Industry, Health Care)

b.)    Has a very high magnetic field rating as some modern media is incredibly resistant to mag fields (i.e. you can’t pass an old VHS eraser magnet over them)

c.)     Has a good duty cycle as some of cheaper brands/models take 10+ minutes to charge up between cycles

d.)    Has a good warranty/maintenance contract (they tend to beat themselves up over time as there is almost always some ferrous metal attached to the drives that can’t be easily removed)

 

We’ve been very happy with Garner Products and have some units that have been in use for years and have done thousands and thousands of cycles.

http://www.garner-products.com/

 

As an aside we handle all e-waste pickups internally.  One of the critical success factors for us was to make it very simple for our departments to “do it right” without introducing undo risk.  We (IT) pickup the equipment at a scheduled time free of charge, sign for custody/University Asset Disposal Forms, and we transport and dismantle the system in a very secure location and immediately pass the drive through a degassuer.  The drive can then sit until we have enough to schedule a pickup with our ewaste recycler.

 

We do have an alternate path that allows for departments to wipe the disks and reuse them under certain situations (based on data classification) using an approved tool but we’ve found that due to MTBF ratings and cost it’s typically more cost effective to destroy the drive unless it’s very new (labor is expensive).

 

Cheers,

Jeff Perry

 

--------------------------------------------

Jeff Perry, CISSP

Deputy Technology Officer

Information Technology

The University of Kansas

Direct +1 785-864-0489

Fax    +1 785-864-0485

Email perry@ku.edu

--------------------------------------------

 

 

 

 

Good day,

 

I just wanted to thank everyone for their input. It looks like we will be going with Destroyit’s 0101HDP.

 

http://www.destroyit-shredders.com/0101hdp_hard_drive_punch.html

 

It punches a hole though the HDD and then allows you to drop in a lower bin. No tiny sharp pieces to contend with post destruction.

 

Regards,

 

Matt

 

 

 

---
Matt Marmet
Director of IT Security, CISO
Armstrong Atlantic State University
11935 Abercorn Street
Savannah, GA 31419
Desk: (912) 344-3528
Cell:  (912) 414-0684

 

Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM.


******* The ITS Team will NEVER, EVER, EVER ----- EVER ask for your

username and password via Email. Don't respond to any requests for
this information ******

 

"The lesson here is that anything that holds any data of any value must be protected."

 

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.