Re: Proper End-Lease Equipment User Data Erasure
When dealing with End-Lease Equipment it must be acknownledged that it is the property of the Finance company and must be returned in the same working condition that it was taken possession when first delivered to User.
Simply removing and performing a Data Wipe or replacing the Hard Drives will render the Equipment Inoperatable or Unusable because the Hard Drive also contains software installed by the Manufacturer and should Not Be Deleted. This will cause the Finance company to invoice the users for damages to their Equipment.
Only the User Data should be Erased from the machines HDD's (Hard Drives) and PCB's (Printed Circuit Board) and all Operating Software and Installed Optional Software need to be protected because there is a very high cost to Purchase and Reinstall New Operational Software and Optional Software from the Machine Manufacturer.
A Trained and Experienced Field Engineer is the only person capable of carrying out these types of Services.
MASTERTECH expertly qualified in the User Data Erasure Solution.
Data erasure (also called data clearing or data wiping) is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to the data disk sectors and make the data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment. New flash memory–based media implementations, such as solid-state drives or USB flash drives can cause data erasure techniques to fail allowing remnant data to be recoverable.
Software-based overwriting uses a software application to write a stream of zeros, ones or meaningless pseudorandom data onto all sectors of a hard disk drive. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach, identity theft or failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards, though a single-pass overwrite is widely considered to be sufficient for modern hard disk drives. Good software should provide verification of data removal, which is necessary for meeting certain standards.
To protect the data on lost or stolen media, some data erasure applications remotely destroy the data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming than software encryption. Hardware/firmware encryption built into the drive itself or integrated controllers is a popular solution with no degradation in performance at all.
Presently, dedicated hardware/firmware encryption solutions can perform a 256-bit full AES encryption faster than the drive electronics can write the data. Drives with this capability are known as self-encrypting drives (SEDs); they are present on most modern enterprise-level laptops and are increasingly used in the enterprise to protect the data. Changing the encryption key renders inaccessible all data stored on a SED, which is an easy and very fast method for achieving a 100% data erasure. Theft of an SED results in a physical asset loss, but the stored data is inaccessible without the decryption key that is not stored on a SED, assuming there are no effective attacks against AES or its implementation in the drive hardware.
Information technology (IT) assets commonly hold large volumes of confidential data. Social security numbers, credit card numbers, bank details, medical history and classified information are often stored on computer hard drives or servers. These can inadvertently or intentionally make their way onto other media such as printer, USB, flash, Zip, Jaz, and REV drives.
Increased storage of sensitive data, combined with rapid technological change and the shorter lifespan of IT assets, has driven the need for permanent data erasure of electronic devices as they are retired or refurbished. Also, compromised networks and laptop theft and loss, as well as that of other portable media, are increasingly common sources of data breaches.
If data erasure does not occur when a disk is retired or lost, an organization or user faces a possibility that the data will be stolen and compromised, leading to identity theft, loss of corporate reputation, threats to regulatory compliance and financial impacts. Companies have spent nearly $5 million on average to recover when corporate data were lost or stolen.[dubious – discuss] High profile incidents of data theft include:
- CardSystems Solutions (2005-06-19): Credit card breach exposes 40 million accounts.
- Lifeblood (2008-02-13): Missing laptops contain personal information including dates of birth and some Social Security numbers of 321,000.
- Hannaford (2008-03-17): Breach exposes 4.2 million credit, debit cards.
- Compass Bank (2008-03-21): Stolen hard drive contains 1,000,000 customer records.
- University of Florida College of Medicine, Jacksonville (2008-05-20): Photographs and identifying information of 1,900 on improperly disposed computer.
- Oklahoma Corporation Commission (2008-05-21): Server sold at auction compromises more than 5,000 Social Security numbers.
E-waste and Information Security
E-waste presents a potential security threat to individuals and exporting countries. Hard drives that are not properly erased before the computer is disposed of can be reopened, exposing sensitive information. Credit card numbers, private financial data, account information and records of online transactions can be accessed by most willing individuals. Organized criminals in Ghana commonly search the drives for information to use in local scams.
Government contracts have been discovered on hard drives found in Agbogbloshie, the unregulated e-waste centre in Ghana. Multimillion-dollar agreements from United States security institutions such as the Defense Intelligence Agency (DIA), the Transportation Security Administration and Homeland Security have all resurfaced in Agbogbloshie.