Data wiping and HIPAA/HITCH
-
@Kelly said:
I don't know what the cost is, but Obliterase provides a service like this with a certification.
They do. Nice people. Spent some time talking to them last year at SpiceWorld.
-
@Obliterase summoning.....
-
Full disclosure: they're paying for me to go to Spiceworld London due to me winning a drawing. I'm not getting anything else from them for mentioning their name here
-
DBAN all the drives. (break raid array, dban one at a time.) If it was for my personal stuff or something not going to get you in trouble I'd suggest breaking the raid, making OBR10, dd /urandom the whole thing. Much faster, much less secure.
Take drives with you to shooting range.
Turn scraps in at metal recycler.
-
@scottalanmiller so you think shredding the hard drive is over kill?
-
@technobabble said:
@scottalanmiller so you think shredding the hard drive is over kill?
I generally think nearly everything that companies do like this is overkill. HIPAA does not require anything that drastic and common security practice does not either. IF the drive can do DBAN or Obliterase, I think that that is plenty and far better for the bottom line (resell drives) and the environment (not throwing away good technology when you don't have to.)
Your risk is not people randomly looking at the drives, you protect against that with software and selling through a third party. You worry about targeted attacks. Don't set yourself up for those and then anything like shredding is way over the top.
Security is all about making it unreasonable to get the data, once you pass that threshold there is not much value to additional security.
-
@scottalanmiller Thank you very much. Never did get a call back from the Shredding company.
-
No problem. De nada.
-
@technobabble said:
@scottalanmiller so you think shredding the hard drive is over kill?
@scottalanmiller said:
I generally think nearly everything that companies do like this is overkill. HIPAA does not require anything that drastic and common security practice does not either. IF the drive can do DBAN or Obliterase, I think that that is plenty and far better for the bottom line (resell drives) and the environment (not throwing away good technology when you don't have to.)
I shred drives because there is already a fee for paper shredding and there is no extra charge. It saves way more time than it takes to setup and manage a machine to run DBAN or Obliterase.
If there is nothing already in place, then I usually go the DBAN route.
With old servers, there is almost no resale value in the drives themselves. They are going to be too small for what most people want to do today. I can buy a 1-2TB SATA drive for less than $75 generally. Why would I want your old drives?
-
-
