BBC Newnight Investigate HDD Destruction at Guardian

BBC Newnight Team, Investigating Snowden, Seeks Advice on Hard Disk Destruction

BBC Newnight Investigate HDD Destruction at Guardian

BBC Newnight Investigate HDD Destruction at Guardian

Newsnight Producer Nick Menzies recently contacted Data Eliminate while the programme was investigating the destruction of computer hard drives by the security services in the basement of the London offices of the Guardian newspaper.

The Newnight team wanted to establish the different ways in which computer hard drives should be destroyed in order to ensure that no sensitive data could be obtained from them. Nick Menzies and a film crew attended Data Eliminate’s central London Destruction Facility which is approved for use by Her Majesty’s Government Departments and Agencies. The Newsnight team were shown the different methods of destruction available including physical destruction by shredding or crushing, degaussing or secure overwriting.

Data Eliminate’s Destruction Expert, Julian Fraser, explained that crushing or punching of the drives was the method most likely to have been used in the case of the Guardian, because it was possible to do this in a meeting room with a minimum of mess and noise.

“Degaussing and crushing of hard disks can be done on site in central London  in an office block. Hard disks can then be then be taken to a destruction facility using secure transport for shredding into small pieces,” Julian explained. He continued, “Shredding is the best way to dispose of hard disks. The problem is that it requires parking for a shredding vehicle and can be noisy. That’s why we have a facility within 1 mile of London Bridge where customers can come and watch their disks being shredded.”

The Newnight camera crew took various pictures of hard drives being shredding, crushed and bent. Many of which were seen in the package shown that evening on BBC2.

Rees Ward-Data Eliminate

Hard Drive Shredding – ADS Leads by Example

Secure data destruction provider, Data Eliminate Ltd, has been drafted-in by ADS, the trade association for the UK Aerospace, Defence, Security and Space industries, to destroy confidential data held on the organisation’s decommissioned electronic media.

Data Eliminate deployed its mobile destruction vehicle to ADS’s London headquarters where a number of hard drives were shredded under the supervision of ADS Chief Executive, Rees Ward CB.

hard drive shredding

The on-site data destruction service provided by Data Eliminate carries the CESG CCT Mark certification and is approved by the Ministry of Defence (DIPCOG). It is designed to provide a means for companies to completely remove sensitive data from electronic storage devices and end-of-life IT equipment in the security of their own premises.

Rees Ward witnessed ADS’s hard drives being shredded to corn flake sized particles (15mm x 15mm). On completion, Data Eliminate provided ADS with a Certificate of Destruction and Waste Transfer Note. All waste residue was sent for environmentally responsible recycling.

“Data Security is an increasing concern for those, like our own member organisations, who work in sensitive areas and have intellectual property and customer data to protect. We urge such organisations to ensure data on end-of-life IT equipment is properly destroyed by a government approved data destruction provider,” affirms Rees Ward.

Julian Fraser, Director of Data Eliminate explains, “An incident of data loss can lead to fines from the Information Commissioner of up to £500,000 and catastrophic damage to a company’s reputation. Our security and environmental accreditations mean that organisations such as ADS can use our services with confidence.”

Data Eliminate runs an integrated Management System which is externally audited to the following International Standards:- ISO 27001 (Information Security), ISO 9001 (Quality) and ISO 14001 (Environmental).

 

Security Shredding and Alternatives for HDD and Electronic Media

Secure Removal of Data and Mobile on-Site Destruction

Every organisation whether public or private sector has responsibilities to the Data Protection Act.  All organisations must ensure that data does not fall into the wrong hands. One of the essential components of the Data Eliminate service for recycling WEEE, is the destruction of sensitive information held on data-storage devices. laptops, personal computers and server hard disks in addition to media such as CD’s, DVDs, floppy discs, data tapes and video tapes which accumulate over time. Destruction can either be carried out at the customer premises or back at Data Eliminate’s secure destruction facility.

Data Eliminate deploys several different methods for erasing sensitive and confidential material on devices used for data storage. The chosen technique depends on the type of technology used to store the data and the sensitivity of the information concerned.

Data Eliminate has a number of shredders especially designed for data destruction purposes.  The shredders and disintegrators are mounted on vehicles to suit a number of purposes.  The shredders are able to reduce all types of computer media including data tapes, computer hard disk drives DVDs, mobile phones and thumb drives into very small particles. Depending on the media concerned and the sensitivity of information, particle sizes may range from 20 mm² down to 2 mm².

It takes much longer to shred a hard drive down to 6 mm sized particles than it does to reduce down to 6 mm. The cost of doing the latter is therefore greater. In most cases, there is a standard of commercial best practice which is widely used by public sector and private industry. This standard is either known as BS 8470 or EN 15713 and governs the secure disposal of sensitive information. Data Eliminate’s on-site shredding capability has British government approval in the form of a CESG claims tested Mark.

CSG are the information assurance arm of the government Communications headquarters (GCHQ) based in Cheltenham. CESG manages approval schemes for various products and services which are used by central government in information assurance. This extends to data destruction.

Destruction through Degaussing

Hard drives, backup tapes and floppy discs are examples of magnetic media. This type of media can be destroyed by a process called degaussing. Degaussing permanently removes confidential data on magnetic devices by destroying the magnetic field thereon.  Degaussers cannot be used to destroy other forms of computer media such as CDs, DVDs or USB sticks. It is also the case that data from mobile phones and the very latest hard drives which use Flash technology cannot be destroyed by degaussing. These are also known as solid state devices (SSD). Optical and flash media devices must be crushed or shredded to ensure proper destruction of data.

There are other aspects of degaussing about which one should be aware. A degaussed hard drive does not look physically different after the degaussing process. If the procedure is therefore not properly managed, it is possible to get hard drives which have been degaussed confused with those which have not. The advantages of degaussing are that it can be a clean, quiet and quick process which can be completed within a normal office environment. For more sensitive government information a two-stage destruction process is required incorporating both degaussing and physical destruction via shredding or disintegration.

Erasure by Data Wiping

Storage devices which are physically destroyed using either shredding or degaussing may not be used again. If a customer wishes to reuse media items, particularly hard disk drives, sensitive data on the drive needs to be overwritten using specialist software. The length of time required to use the software to overwrite the hard drive is proportionate to the size of the hard drive itself. A large hard drive of say 500 MB or 1 TB may take a number of hours. Disk drives are getting bigger all the time so this is a growing problem although advances in overwriting technology are improving the overwrite speed.  Overwriting has some problems as many of the disks are at least partially faulty or have bad sectors. This means that overwriting can sometimes fail, leaving no option but to physically destroy the drive concerned. Given the time taken to overwrite drives and the software licences needed, it can be more cost-effective to simply destroy the incumbent drive and replace it with another one within the computer or server concerned.

Data Eliminate uses three types of overwriting software: Blancco, Kroll on Track and Tabernus. The solutions are approved by CSG to destroy government data up to and including impact level 6 (IL6).

It is true to say that most customers who are concerned about the sensitivity of their confidential information choose shredding or disintegration as a means of destruction. Data eliminate enables customers to witness this process either at their own premises or at Data Eliminate’s central London destruction facility.   Seeing your hard drive turned to cornflake sized particles is the most reassuring solution.

Secure IT Reycling & Data Destruction Service in Green Award Finals

The New London Walk In Data Destruction Centre based in Transport Zone 1 has reached the final of the Green IT Awards. The Data Destruction Centre enables Government Departments, City of London firms and other organisations to bring sensitive data on electronic media such as hard drives, back-up tapes and mobile phones for immediate destruction and enables the customers to witness the process.

The Secure IT Recycling Centre is located right on one of London’s busiest transport hubs for road, rail and underground services – being within 400 yards of two main aterial routes, a mainline rail and tube station and Barclays cycle stations. That makes it conveient to reach and environmentally friendly. It removes the need for lorries and vans to enter the centre of the City, make a large number of small collections and then travel to a distant plant. It makes it easy for smaller organisations and private citizens to look after their data too.

The Central London Data Destruction Centre has made the finals of this years Green IT Awards in the following categories:
• Green IT Best Newcomer
• Environmental Project of the Year up to 100 Employee

 

London Data Destruction Centre

Excel Guard

Secure Destruction Element of New Excelguard Service to be Provided by Data Eliminate

Excelguard is a new, innovative offering combining services and leading security suppliers, that provides a holistic approach to data protection. The approach combines data discovery and audit from PixAlert; policy distribution and management software from MetaCompliance; eLearning solutions from VigiTrust; secure data disposal from DataEliminate; and risk assessment and remediation services from Excelgate Consulting.

“Despite the constant stream of data breaches reported in the press day after day, many organisations are overlooking some essential steps they need to take in ensuring that a data protection culture becomes permanent” says Phil Stewart, Director of Excelgate Consulting and Secretary and Director Communications at ISSA UK. “Creating a cultural change regarding data protection in an organization requires them to think holistically and remember that staff awareness of security policies and training need to becomes embedded, and not just a one-off exercise when a new employee joins or changes job role.“

Looking at where undertakings have been published by the Information Commissioner in the UK , committing organisations to improve data protection compliance, there is a common theme running amongst them. Nearly all the undertakings issued to date (88%) require staff awareness of the organisations’ personal data handling policy and staff training where appropriate. Most of the undertakings also specify “other security measures.. for the “accidental loss/ destruction [of personal data]”. The undertakings also highlight there are still too many cases where personal data is being left exposed: unencrypted, found in skips, in waste paper bins or left in cars or trains.

“Excelgate’s exciting new initiative provides customers with a 360 degree solution from setting-up simple and practical measures to deploying high-tech defences,” says Julian Fraser, Director of Data Eliminate, “It’s humans who represent the vulnerability in almost every case. Excelguard addresses that issue head-on.”

Excelguard Features and Benefits

• Comprehensive offering for data protection: from data discovery through to secure data disposal
• Delivers lasting change to corporate culture for data protection.
• Reduces the costs of compliance by ensuring data protection becomes second nature to staff.
• Both personal and inappropriate data (audio/ image) discovery.
• Data discovery highlights training needs across the business.
• Improvement to business processes and technical controls.
• Continual improvement in staff awareness and understanding of security policy through targeted compliance activities.
• Evaluation of staff to ensure they not only read security policies and procedures but that they understand and follow them.
• Evidential weight to validate staff awareness and demonstrate due care.
• eLearning solutions to allow staff training at participant’s pace and paused & resumed as required.
• Training for all company levels from board to end-user: demonstrating both legal obligations and day to day tasks for data handling.
• Secure data disposal means for destruction of personal and confidential data: whether PC, server, memory, disk or mobile device.
• All recycling of electronic waste is compliant with the WEEE Directive with effectively 0% going to landfill.

Data Destruction on site shredding

Data Destruction Company Nominated for Green IT Award

Data Eliminate has been nominated for a Green IT Award by one of its customers.

Dilitas, the Risk and Security Management experts, recently made use of Data Eliminate’s Central London Walk-In Data Destruction Centre and were so impressed they nominated it for the Best Newcomer award.

The new data destruction facility is located within 1 mile of the City and within 2 miles of Whitehall and enables customers like Dilitas to bring their computer media such as hard drives for immediate destruction. Customers can witness their sensitive data being shredded to corn flake-sized particles before the residue is sent for environmentally responsible recycling. A data destruction certificate and waste transfer note are provided.

Christopher Cully, Managing Director of Dilitas, explained, “Data Eliminate’s walk-in secure data destruction centre in London Zone 1 is in a very convenient location – right on a major public transport hub with mainline and tube stations and multiple bus-routes allowing easy, low-carbon access for customers. It made it much easier for my company to dispose of computer media containing confidential information – and for that media, computer cases and laptops to be recycled in the proper manner.”

“Our central location reduces the time our collection/delivery vehicles and customers’ cars spend on the road thereby reducing emissions,” observes Julian Fraser, Director at Data Eliminate, “Its a key part of our ISO 14001 environmental management programme.”

Data Destruction Director Julian

InfoSec: Fraser Will Argue that Technology Should Take a Back Seat

Julian Fraser will argue that technology, standards and compliance should all take a back seat when it comes to advancing the Information Security message to businesses and the public at large.

According to Fraser, “The information security industry is caught in its own vortex driven by complex technology, compliance and audit regimes. This makes it especially difficult to communicate with those outside.”

The Data Eliminate Director will be making his case at the Information Exploitation Event (IEE) at Security and Policing 2012 during a session entitled “InfoSec is a Dirty Word” which will explore why information security has not received the attention it demands in business and civil society.

data destruction director

“The communication focus around InfoSec should shift to simple measures that can be taken to improve information security even before a computer is switched on,” Fraser suggests, “ Basic data hygiene, protecting sensitive data and disposing of it properly are things people can literally learn at home.”

Fraser urges the industry to find and appoint champions who can communicate such messages to the public at large.

“Once people have absorbed the simpler messages and begun to modify their behaviour, security and compliance might come back to the fore,” he summarizes.

Professor Sadie Crease of Oxford University and Colin Cowan, Head of Group Co-ordination, Intelligence and Investigations Security & Risk, Business Services, RBS will be joining Julian on the panel on 31st January 2012.

Julian Fraser Speaking at Home Office Security Conference

Data Eliminate Director, Julian Fraser, will be participating as a panel expert at the Information Exploitation Event at Security and Policing 2012 at Farnborough, Hants on January 31st January 2012.

The panel session is entitled “Security is a Dirty Word” and will explore the humanistic, language and education issues affecting information security as it moves centre stage in public consciousness. Julian will be giving his views alongside fellow panelists, Professor Sadie Crease of Oxford University and Colin Cowan, Head of Group Co-ordination, Intelligence and Investigations Security & Risk, Business Services, RBS.

Julian Fraser – Data Destruction on ITV’s London Tonight

ITV’s London Tonight featured a news story on Cabinet member Vince Cable on Friday 4th November. The Twickenham MP was exposed for leaving confidential papers in plastic recycling sacks outside his constituency office.

London Tonight sought the views of Data Eliminate Director, Julian Fraser, on best practice with regards to the disposal of confidential information. Julian was interviewed as a Data Protection Expert and explained that most data breaches were down to human error.

Judging by the fact that the whistleblower picked up papers over a number of months, it is clear in this case that there was no secure disposal policy in place and no practical security measures to protect the senstive papers.

Julian Fraser provides consultancy and advice to organisations on formulating proper data protection procedures. Morever, Data Eliminate assists with practical measures which include providing customers with secure containers in which waste paper and computer media can be stored until they can be shredded or destroyed. The secure containers help prevent pilfering and dumpster/dustbin diving.

Data Eliminate is a member of NAID, the National Assoication of Information Destruction (NAID), the international trade association for data destruction companies.

Hard Drive Shreddings and Breakfast Cereals

With reference to the shredding of hard drives, it is sometimes difficult to explain to customers the outcome of the process. To explain different hard drive shred sizes we use a Breakfast Table Analogy. Our standard government approved size is 15mm square. Our high security shredded hard disk particle size will be 6mm square. We describe the 15mm square as Corn Flakes and the 6mm size as Ricicles.

When hard drives are shred, it is imporant to know the difference between a straight cut and cross cut. Obviously a 15mm cross cut means the Corn Flake is less that 15 mm x 15 mm. However, a straight cut shredded hard drive will be 15mm across but can be much longer. The larger the surface area of hard drive platter left, the easier it may be to reclaim information.