Data Erasure vs Degaussing
Jun 9, 2019
Data Destruction through degaussing and data erasure are methods of sanitizing the media – HDD, SSD, USBs etc. to mitigate risk and ensure compliance especially when storage media is disposed or reused. Government regulations, internal data security policies and industry standards with regard to data protection mandate the organizations to sanitize their data storage media prior to its reuse or disposal. Though the media sanitization techniques and standards may vary, the outcome is expected to be consistent —the data contained in the storage media shouldn't be possible to recover by any commercially viable data recovery method.
Let's look at standard methods of sanitizing the media and compare their advantages and disadvantages.
Method 1: Degaussing
Data is stored in magnetic media such as magnetic disk, hard disk, magnetic tapes. Degaussing eliminates the magnetic field from these storage devices by producing a magnetic field that neutralizes the magnetic particles and erases data from hard drive platters and tape films. In short, Degaussing disorients the domains in the random pattern, thereby rendering the previous data unrecoverable and leaving no scope for data-overwriting. However, the process also removes the startup files, thus rendering the hard drives (hardware) entirely inadequate for further usage.
Limitations of Degaussing
Degaussing may look easy but is risky for business. Some limitations are as below -
The only advantage of Degaussing is it provides a permanent data erasure solution for media that is no longer suitable for reuse or has bad sectors. With a list of environmental hazards and other limitations of degaussing, it would be good to measure the benefits of data erasure over degaussing.
Method 2: Data Erasure with software
A data erasure software overwrites the data (using zero and one) to completely destroy the electronic data residing on the hard disk drive and other digital media. Software based data erasure technique is unique, with below benefits:
Data erasure techniques are not suitable for Read-Only Optical discs; rest for all it is preferred method of media sanitization.
Data Erasure vs Degaussing
|1||Eco-friendly means of media sanitization as erasure through software produces no e-waste||Not eco-friendly as degaussing produces a large amount of e-waste|
|2||Sanitized Media can be Re-used.||Media destroyed cannot be Re-used|
|3||Suitable for all media including magnetic and non-magnetic storage. Software erases data from USB flash drives, SSD hard drives or flash cards.||Not-suitable for both magnetic and non-magnetic storage. Cannot erase data from electronic chips based on FLASH NAND.|
|4||Less time-consuming as a software-based methodology can be performed by the user also.||Time-consuming as degaussing is performed by experts only.|
|5||Not suitable for read-only Optical media||Suitable means of data destruction for read-only optical media|
|6||The software is scalable for multiple device erasure and saves time.||Degausser is not scalable. One drive is degaussed at a time.|
Effective data erasure is as crucial as data maintenance. No matter what erasure technique is used, it has to be a part of the consistent process and that it should be respected. The process should also define the responsibilities and the onus to maintain accountability. And never forget that data erasure techniques are a means to secure organizations from breaches, hence should not be mistaken for unnecessary impositions.
A detailed comparison of the two techniques data erasure and degaussing leads to the conclusion that both practices are certified data-destruction procedures, but data erasure with a certified software does not leave any residual data and does not harm the environment and hence scores better than degaussing.
|US Department of Defense, DoD 5220.22-M (3 passes)|
|US Department of Defense, DoD 5200.22-M (ECE) (7 passes)|
|US Department of Defense, DoD 5200.28-STD (7 passes)|
|Russian Standard – GOST-R-50739-95 (2 passes)|
|B.Schneier’s algorithm (7 passes)|
|German Standard VSITR (7 passes)|
|Peter Gutmann (35 passes)|
|US Army AR 380-19 (3 passes)|
|North Atlantic Treaty Organization-NATO Standard (7 passes)|
|US Air Force AFSSI 5020 (3 passes)|
|Pfitzner algorithm (33 passes)|
|Canadian RCMP TSSIT OPS-II (4 passes)|
|British HMG IS5 (3 passes)|
|Pseudo-random & Zeroes (2 passes)|
|Random Random Zero (6 passes)|
|British HMG IS5 Baseline standard|
|NAVSO P-5239-26 (3 passes)|
|NCSG-TG-025 (3 passes)|
|5 Customized Algorithms & more|