When you write backups to any sort of media, eventually that media is going to wear out and need to be replaced. So the question is, how do you dispose of it properly?
If you’re creating business backups—as you should be!—there are three really good reasons you should have a great media disposal plan:
- Eliminating the risk of data theft.
- The economic benefits.
- The environmental benefits.
This article talks more about these benefits, and the best disposal methods you can use to achieve them.
The Three Big Benefits of a Backup Disposal Plan
1. Eliminating the risk of data theft
The nature of backing up your data is that it’s valuable information you can’t afford to lose. If you’re running a business, it’s typically financials, customer and employee data, and other internal documents. And by extension, if this data is valuable to you, it’s also very valuable to other people.
There is no shortage of surprisingly creative uses for stolen data, and you can even make a living off it. This is why you need to make absolutely sure that your backup media is completely unusable when you toss it out, because if it’s not, you’re basically handing someone the keys to your (business) kingdom.
The biggest risk is your disposed-of backup media being targeted by a dumpster diver – someone who engages in modern salvaging of waste in large commercial, residential, industrial, and construction containers. People don’t just do this because they’re poor – there are people who do this professionally and systematically for large profits. And you can bet if you toss out a drive, they’re going to try and see what’s on it.
You won’t see these people out the back of your business doing this, because this isn’t typically where it happens. That’s because most of your backup media is not biodegradable and is stored in landfills. Like most e-waste, it’s stored in containers, then shipped off to developing countries (such as those in Africa). This is where dumpster divers scour through e-waste for data to use, pieces of copper, and anything they can recycle or sell.
During this process, your old media may pass across borders and change hands many times, giving it ample opportunities to be stolen. It’s very important to remember that we live in a global world, and your old media doesn’t just stop existing when you throw it in the bin.
People who have their business data accessed and abused by a dumpster diver are unlikely to identify the real perpetrator, and are more likely to point the finger at internal sabotage, typically at the person who has the most access to that backup data. This is why a great backup disposal plan is definitely in your best interests if you’re the one handling the backups!
2. The economic benefits
Not all backup media disposal methods are created equal – some are quite simple, others quite costly. By tailoring your disposal method to the level of data theft protection you need, you can greatly reduce your costs.
The economic costs of your media disposal are also going to vary greatly depending on the backup media you’re using. If you’re using tape media backup, you may be going through tens to hundreds of tapes a year (some enterprises go through thousands). It’s cheap to buy, but it’s a lot of media to dispose of, which is why even a slight cost saving can help.
3. The environmental benefits
Assuming this is a relevant factor for you, the easiest ways to fully destroy your backup media (e.g. fire) are also the most environmentally toxic, and depending on your local laws, potentially illegal.
This, again, depends on your backup media. Most backup media is not biodegradable; the whole point is that you want it to last as long as possible. There’s a chance it will end up in an illegal landfill or be incinerated at its final destination. Good for your data security, bad for the ecosystem.
The Best Backup Media Destruction Methods
All of these methods are sound backup destruction methods. However, some may fit your business needs more than others. Each has its own pros and cons, which you’ll need to weigh up to figure out whether it suits your set-up.
1. Overwriting
Overwriting your backup media with meaningless binary data is, hands down, the easiest way to remove the risk of data theft. There are plenty of programs that can do this for you, and compared to other disposal methods, this one is very cheap.
The first drawback is that it’s not 100% effective. With the right tools, your data can still be recovered from an overwritten drive. The good news is, dumpster divers are not usually this advanced. This is more of a problem if you’re trying to deter the NSA (which, in itself, raises some questions about your data).
The second drawback? This process is typically not very quick. If you’re just erasing a few pieces of media, it won’t take an insurmountable amount of time. But this will be a big deal if you’ve got a mountain of tapes to dispose of.
Your writing hardware (e.g. tape drives) may experience wear and tear from all this overwriting as well. Again, this really only factors in if you’ve got a lot of media to overwrite.
The third drawback is that if you’re tossing your media out because it’s physically damaged, you probably won’t be able to overwrite it with meaningless data. For instance, if you’re tossing a hard drive out because of a burned out motor, it’s still got the data on it – but you’re not going to be able to read or write data on the disk with conventional methods.
This method also means you’re still left with physical backup media you need to get rid of.
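The overwrite-and-check routine this section describes, including the damaged-media case from the third drawback, as an added example that is not part of the original article. The function names, the final zero pass and the "route" values are assumptions made for illustration, and the demo runs against a constructed temp file rather than a real device.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # bytes written or read per step

def overwrite(path, passes=2):
    """Overwrite every byte in place: random passes, then one final pass of zeros."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works for block devices
        for n in range(passes):
            final = n == passes - 1
            f.seek(0)
            left = size
            while left:
                step = min(CHUNK, left)
                f.write(bytes(step) if final else os.urandom(step))
                left -= step
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size

def first_residual(path):
    """Read the target back; return the offset of the first non-zero byte, or -1."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            rest = chunk.lstrip(b"\x00")
            if rest:
                return offset + len(chunk) - len(rest)
            offset += len(chunk)
    return -1

def dispose(path, passes=2):
    """Overwrite and verify; route media that cannot be wiped to physical destruction."""
    try:
        size = overwrite(path, passes)
        bad = first_residual(path)
    except OSError as exc:  # e.g. a failed drive or unreadable sectors
        return {"route": "physical-destruction", "reason": f"I/O error: {exc}"}
    if bad != -1:
        return {"route": "physical-destruction", "reason": f"residual data at byte {bad}"}
    return {"route": "overwritten", "bytes": size, "passes": passes}

def demo():
    """Wipe a constructed stand-in for a backup volume (a temp file, not a real device)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED payroll record " * 1000)
    try:
        return dispose(tmp.name)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

The read-back may be served from the operating system's cache, and on flash media wear levelling can leave remapped blocks untouched, so a clean result is necessary but not sufficient.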
2. Physical Destruction
A very popular and effective technique, depending on the method you use. Again, there are pros and cons.
Data destruction machines exist for the sole purpose of destroying your backup media. However, due to the cost and space these machines take up – and a bit of laziness – many admins typically take a “do-it-yourself” approach to media destruction (*cough*hammer*cough*). As therapeutic as this is for a SysAdmin, there’s the chance this can result in injury.
As a business, and if you’re the one destroying the media, this is something you’ll obviously want to avoid.
3. Degaussing
Degaussing is a method of disposing of backup media that has existed for ages. It’s fast and doesn’t involve physical risk to the user – the two drawbacks of overwriting and physical destruction, respectively. But degaussing comes with its own drawbacks.
Firstly, it’s worth noting that today’s disks and tapes are more resistant to degaussing than in the past. If you do go with degaussing your backup media, you’ll want a commercial degausser – but these can be costly, between $2,000 and $5,000 US. Anything less, and you’re probably not going to be using a strong enough magnet to properly degauss your data.
The biggest problem with degaussing is verifying that your data is destroyed. Making sure that none of your data can be read from degaussed media can be time-consuming and error-prone. This makes it somewhat impractical, meaning you might not want to use it as your primary disposal method.
4. Professional Disposal
There are certified disposal service providers who can get rid of your backup media for you, whether your media is intact or not. You can often opt for the recycling of your backup media, or complete destruction.
Chances are if your media is physically intact, you can recycle it. Just because it’s been sitting in storage for two years doesn’t mean it’s been used continuously. That means it could be traded in for credit, replacement, or money. If it’s not recyclable, the service will have a lot of techniques for destroying your media, from crushers to shredders.
Make sure the service you use is credible, ask them what measures they take to clear your business data, and insist on confirmation. This can be either a video of the media’s destruction or receiving the pieces of your destroyed media. They should hand you a certificate of disposal once all this is done. Be highly suspicious of any service that refuses to offer this sort of written assurance.
5. The Best Approach: Combine The Methods
Because all these disposal methods have drawbacks, the best way to overcome this is to use a combination of methods. You can overwrite and degauss your media prior to physically destroying it yourself, or handing it over to a disposal service provider. This way you can rest assured that you’re completely insulated against data theft.
Remember: just because your data hasn’t been stolen before doesn’t mean it can’t happen, and it only has to happen once. A prime example is Iron Mountain, which lost 40 backup tapes belonging to one of its clients in May 2005. The data on these tapes contained the security numbers for 600,000 current and former Time Warner employees.
Make sure you have peace of mind by properly disposing of your backup media!