Degaussing vs. Shredding: Hard Drive Destruction
In securely destroying old hard drives and other magnetic media, shredding and degaussing are both widely used options. Which method to choose depends on one's security needs and budget. Let's compare the two options.
Degaussing leaves a hard drive physically intact but scrambles the data on the hard drive by subjecting the drive to a powerful magnetic field. Degaussing also destroys the factory-installed startup files on a hard drive, making the drive unusable after degaussing.
Degaussing machines are small, usually between 100 and 150 pounds, making them easily portable and enabling destruction inside the customer’s facility, minimizing the chances of a breach. However, the throughput of a single degausser is typically 100-150 drives per hour, so if there is a large number of drives to be shredded, multiple degaussing machines will be needed.
Also, server frames must be removed prior to placing the drive into the degaussing machine’s tray, which adds time to the process. Since a degaussed drive looks exactly like a non-degaussed drive, the degaussed drive must be tagged as “degaussed” with a sticker or marker after processing.
When choosing a degaussing vendor, it is advised to choose a vendor who uses a machine found on the National Security Agency’s Evaluated Products List. Devices approved by the NSA are suitable for destroying classified material, offering the highest security available.
Degaussing does not work on non-magnetic media, such as CD’s, DVD’s, thumb drives and solid-state hard drives. Since the latter can often be easily confused with traditional hard drives, customers are advised to sort through their drives to identify solid-state hard drives prior to presenting them to a data destruction vendor for degaussing.
High-security customers such as those in government and defense are advised to use both degaussing and shredding to ensure that there is no chance of data recovery from destroyed drives.
Hard Drive Shredding
Hard Drive Shredding does not eliminate the data on a hard drive, but instead physically destroys the drive by passing the drive through a mechanical shredder. Typical commercial hard drive shredders can process between 100 and 1,000 pieces per hour depending on the size of the shredder and of the hard drives to be shredded. Removal of server frames prior to shredding is usually not required. Drive serial numbers are usually recorded prior to shredding. Each drive is hand-fed into one end of the shredder, and shredded particles are ejected from the other side into a waiting collection container. Shredded particles are then transported to a metals recovery center for environmentally responsible disposal.
Since data still resides on the shredded particles, it is possible for a technically sophisticated, well-financed operator to recover data from the shredded pieces, if he could find the right piece from among the thousands of shredded pieces. For most commercial applications, the typical shred size of ¾” to 1-1/2” wide is sufficient. However, for high-security applications, such as in national security, a smaller particle size can be achieved by placing a sizing screen after the shredder, so that too-large pieces will be kicked back into the shredding chamber for further reduction until the pieces can fit through the screen.
Shredding can be done onsite or offsite. Onsite shredding is more secure since the drives will be destroyed prior to departure from the customer’s facility, but for small quantities of hard drives, onsite shredding can be prohibitively expensive because of the cost of bringing a large shredding truck to the customer’s site. Therefore, for smaller quantities of drives, it is advisable to seek a reputable, NAID-certified shredding firm to pick up the drives for offsite shredding. The offsite shredding firm will still issue a certificate of destruction for the shredded drives.