Working in the technology industry is a daily geekfest. Personally, I love learning about the next generation of software architecture, network intelligence and server virtualization. Yet in spite of the fact that our industry persistently challenges the laws of physics, sometimes it comes face to face with basic obstacles.
I saw this when I worked at a fly-by-night telecom start-up where we pitched high-speed private optical networking services. It was cutting-edge stuff until we realized that dark fiber is far from ubiquitous. More often than not, laying fiber involves digging ditches, getting permits, dealing with unions, and spooling wires up the sides of buildings. In this world, you'll be more successful working with guys from Brooklyn than engineers from MIT.
Data destruction is another area where high- and low-tech collide. There are, of course, several software programs listed in documents such as the National Industrial Security Program Operating Manual that specify how to overwrite a disk with loads of patterns of 1s and 0s. As if that weren't enough, there is a supporting process called degaussing in which a specialized device de-magnetizes a disk and thus erases all its data. The U.S. General Service Administration maintains a list of approved degaussers.
All of these data destruction techniques come together in the Department of Defense standard DoD 5220.22-M. This standard with the catchy name makes magnetic media "forensically unrecoverable." A bunch of companies are certified to provide DoD 5220.22-M services. You pay them; they do a couple of passes on your drives and then certify compliance. Wham, bam, thank you, Uncle Sam.
At the same time, lots of private sector companies use far less sophisticated techniques. Some use sledgehammers to bend the drives and pliers to rip apart the electronics. Others use drills to turn hard drives into Swiss cheese.
Want a little more pizzazz? You can also purchase disk drive "crushers" at the RSA Security Conference. These devices turn magnetic drives into toxic dust before your eyes.
As for certification, compliance and standards, the brute-force data destruction processes aren't closely managed or audited and there are certainly no log files associated with a 20-pound sledgehammer.
But next time your company needs to delete data, I propose going the sledgehammer route.