Re: Disposal of storage devices/media

[R.S.]

W dniu 2014-01-20 01:51, Graham Harris pisze:
Some (most?) sites have a policy of "putting beyond use" storage
devices/media that need to leave their data centre confines for some reason
(e.g. failure-replacement, end-of-life).
Simplistically, this could be via physical destruction (crushing, platter
hole punching, sledgehammer, etc.) or logical (degauss, multiple data
overwrite cycles, etc.), although this doesnt preclude the existence of
other disposal methods.
Correction: degaussing is physical method. Not mechanical, but 
definitely physical. "Hell fire" is also physical, but not mechanical 
and it's being in use as well. BTW: small Polish company patented 
chemical method (let's say some acid to destroy the media).

'storage device/media' is referring to any non-volatile permanent storage,
such as tape media, disk/ssd, true non-volatile disk cache, in-processor
flash cards, etc.

My question is, whether the move towards at-rest encryption of storage
devices/media across the industry, is likely to influence a site's policy
in terms of disposal?
If not, then what is the perceived benefit of acquiring encryption at rest
technology (as opposed to non-encrypted), beyond just an extra layer of
data obfuscation as a 'just in case', especially for sites with a policy of
'crush everything'?
Well, two points:
1. Encryption means the data is still there, but you need a lot of time 
or ...just good luck to access it. So, when you dispose encrypted media 
then it's very unlikely someone could read it, but when you dispose 
erased media then you are sure.
2. LAS, BUT NOT LEAST: you assumed site's policies are reasonable. 
Security people are reasonable. Bad assumption. There are so many cases 
proving the opposite. As an example I've met lately: one has to degauss 
disk drives which were never ever used for storing company data. Whole 
dasd box was never attached to any host. However, in order to dispose 
the box, despite of common sense, he has to remove every disk drive, 
degauss it, store it's serial number in the protocol (as well as the 
vendor and type/model). Why? Policy!

My €0.02

--
Radoslaw Skorupka
Lodz, Poland






--
Tre tej wiadomoci moe zawiera informacje prawnie chronione Banku 
przeznaczone wycznie do uytku subowego adresata. Odbiorc moe by jedynie 
jej adresat z wyczeniem dostpu osób trzecich. Jeeli nie jeste adresatem 
niniejszej wiadomoci lub pracownikiem upowanionym do jej przekazania 
adresatowi, informujemy, e jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne dziaanie o podobnym charakterze jest prawnie zabronione i moe by 
karalne. Jeeli otrzymae t wiadomo omykowo, prosimy niezwocznie 
zawiadomi nadawc wysyajc odpowied oraz trwale usun t wiadomo 
wczajc w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. z siedzib w Warszawie, ul. Senatorska 18, 00-950 Warszawa, www.mBank.pl, e-mail: kont...@mbank.pl 
Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 0000025237, NIP: 526-021-50-88. Wedug stanu na dzie 01.01.2014 r. kapita zakadowy mBanku S.A. (w caoci wpacony) wynosi 168.696.052 zote.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN