What You Need
To Know About Degaussing
Selecting a
Degausser, Using a Degausser and Outsourcing Degaussing Services
By Ron
Carboy
Peripheral
Manufacturing, Inc.
Ron Carboy founded
Peripheral Manufacturing, Inc. 28 years ago after a successful carrier with
Memorex Corporation. Ron was one of the original sales engineers marketing magnetic
computer, video, and broadcast tape. Peripherals has evolved into an
internet-based firm selling products used by the computer industry around the
world. New product introductions include Aero-K, a potassium-based,
environmentally-friendly, fire suppression system for the computer, industrial,
and automotive industry. Ron can be contacted at periphman@periphman.com. Or, visit
the company’s web site at http://www.periphman.com
WHAT
YOU NEED TO KNOW ABOUT DEGAUSSING
Individuals
and businesses alike should be acutely aware of the importance of protecting
personal data, as well as extremely diligent in the process of destroying old
or unneeded data. Until about five years ago it wasn’t a priority. Identity theft
has become big business for thieves. We all remember the TV ad where a thief
rummages through your garbage the night before pickup, ready to steal your identity
and important documents.
There are
rules and regulations today that outline how to protect valuable information.
Sarbanes-Oxley,
FACTA, HIPAA, and a host of state rules and regulations all pontificate about the
protection and disposal of recorded media, or what I will refer to as stored media.
They all spell out the fact that individuals and business cannot discard of anything
that has, or relates to, private information without first eliminating the data.
Although these regulations relate to personnel information, most public,
private and governmental entities want to -- and demand -- protection of
production processing information, tax returns, trade secrets, military and governmental
data, product formulas, software codes, and the like. All the aforementioned
regulations can be found on the Internet. If your firm is not in compliance
with these regulations, it could face a hefty fine, sometimes to the tune of
$250,000.
WHAT IS DEGAUSSING? HOW DOES DEGAUSSING WORK?
One of the
most secure ways to eliminate information on hard drives and magnetic computer
tape media is to degauss\erase the information. Simply put, degaussing is a
magnetic field using an alternating field of sufficient intensity to saturate the
media. The magnetic field is then slowly withdrawn or reduced and the magnetic
media is left in a magnetic neutral state, or erased. Part of the hard drive has a program called a servo, installed on
the drive by the manufacturer, which also is erased. Degaussing the servo
renders the drive useless.
A common
misperception many first time degausser users have is their belief that they
must have a degausser that is Department of Defense (DOD) or National Security
Agency (NSA) compliant. Usually, when I question this statement, folks tell me
their boss said that was a requirement. Or, they tell me it has to be Sarbanes-Oxley,
FACTA, or HIPAA compliant. These regulations are guidelines and do not tell you
what equipment to use or indicate a specific way of eliminating proprietary data.
They simply state that you have to do it.
Another misperception
concerns DOD approval. The DOD does not approve of anything, but merely
recommends. If a manufacturer presents a degausser to DOD and the
specifications claim it will erase a 300 GB hard drive, then DOD would probably
add it to their list of recommended products. The problem is DOD, as of this
writing, has not tested or recommended products in several years. This means
that all the degaussers that degauss high coercivity drives and tape made today
have never been tested by a governmental agency. This does not mean newer
degaussers will not work. In fact, they function quite well. There are a few
degaussers that are approved by DOD and NSA, however, they have limited erase
capabilities (megabyte capacity) and were blessed several years ago.
PURCHASING A DEGAUSSER
There are
two considerations when researching a potential purchase: 1) Present hard drive
and computer tape capacity and 2) future capacity. Why? In the last year or so most
degausser manufacturers recognized the severe increase in gigabyte capacity and
have had to redesign to match or exceed the increase in degauss/erase
capability.
Depending
on how your company is structured, a degausser could be a capital expenditure and
depreciated over several years. Higher erase-capacity degaussers are more
expensive now than even a year ago. Often I get requests for an inexpensive
degausser to erase today’s higher capacity drives and media. I equate this to
someone seeking a heart transplant for the cost of an oil change. The truth is
that degaussers used to be inexpensive because hard drives and magnetic tapes
were not very complicated. Diskettes, round reel tape, and tape cartridges are
made of gamma ferric oxide and are somewhat easy to erase. Today, computer tape
and hard drives are made of metal particle oxide. This material, together with
the higher capacity of smaller discs, makes them extremely hard to erase.
Faster degauss time, continuous duty machines, and larger magnets all add to
increased degausser costs. It may be necessary to reallocate some of your IT
budget for the proper equipment to satisfy your security requirements. Remember
this simple truth: The cost of a degausser is going to be much less than the
cost of a security breach.
Considering
which degausser fills your present and future requirements should also include
questions about the warranty and any other services provided by the retailer. DOD
recommends testing each degausser at least once a year for continued use. It is
in your best interest to look for a retailer that will recertify your degausser
each year at little or no cost to you.
USING YOUR EXISTING
DEGAUSSER
If your
firm is currently using a degausser, how do you know it is degaussing your hard
drives and media? Has anyone in your company read the manual to see what its
degauss capability is? Do you even have the manual? Have you ever had it
tested? Do you have a security program that keeps track of old drives and
tapes? If you don’t, you could be guilty of “Avoidance of Tolerance Risk.” This
means you’re probably taking a big risk that your firm’s hard drives and media are
never found or reused. Although DOD suggests that degaussers are tested at
least once a year, I can tell you that almost no one follows this
recommendation.
USING AN OUTSIDE
SERVICE
One way to
dispose of IT equipment in an environmentally safe manner is to use a recycling
facility or degausser service firm. One important issue not known to many
users, and even many of the recycling firms, is the concept of “Transfer of Liability.”
In regard to hard drives and magnetic computer tape, the liability of any
information on said media does not transfer from the originator of said media
to the recycler\service firms, or one that accepts the equipment. There are
consequences which, unfortunately, can come back to haunt you if you are not
careful in selecting the right recycling\service firm.
To insure
reliability from your recycler, you need to ask some pointed questions. As with
purchasing a degausser, you want to be sure your stored media, hard drives and
tapes are fully degaussed.
§
What
type of degausser will be used?
§
How
old is the degausser?
§
Has it
ever been tested?
§
Where
was it tested?
§
How do
they know it works?
§
What type
of accountability program do they have? For example, do they log in your drives?
Do they issue an RA (return authorization) so they can track your media?
§
Are
they going to overwrite or degauss, and then resell your hard drive or tape?
These are a
few suggestions for determining how secure your stored media will be when it
leaves your facility. Remember that the liability remains with you.
RETURNING A BROKEN
HARD DRIVE OR MAGNETIC COMPUTER TAPE TO A MANUFACTURER
When a
drive malfunctions, either a board problem or head-to-disc interference has
occurred. There are times when you can recover the cost of a drive under
warranty by returning it to the manufacturer. In some instances, you may have
to send the drive or tape to a reseller. They, in turn, do some paperwork and
forward the media to the manufacturer. In either case your information could be
compromised.
If the
heads crash on the surface it would be very difficult to recover any data. If
there is a board failure, your information is available to anyone. Handing off
the drive or tape to someone else will not let you off the hook. You can
transfer assets but the liability
of
information on the drive or tape still rests with your firm. You really need to
know how your product will be handled. As with any outside service, you need to
ask the same questions I outlined above.
We all fall
into one of the categories previously mentioned. I hope you have a better
understanding of how to protect your company’s information. Also, be aware of
the consequences if you don’t. When you consider that your company’s private
data is on other firms’ media, it brings a whole new understanding of the
responsibility we all have to treat other’s data in the way we’d want our own
to be treated.
You can
contact Ron Carboy at www.periphman.com,
www.server-room-furniture.com
or call
1-800-468-6888. Peripheral Manufacturing, Inc. sells and services degaussers.
The company offers certification service (free of charge under some conditions)
once a year for equipment they sell. Peripheral Manufacturing also offers a
service to test all degaussers for a small fee. If you want to see how your
degausser stacks up, call or email periphman@periphman.com for additional
information.