On the downside, Rothke notes, it takes a long time to overwrite an entire high-capacity drive. This process might not be able to sanitize data from inaccessible regions such as host-protected areas. In addition, there is no security protection during the erasure process, and it is subject to intentional or accidental parameter changes. Overwriting might require a separate license for every hard drive, and the process is ineffective without good quality assurance processes.
Another factor to consider is that overwriting works only when the storage media is not damaged and is still writable, says Vivian Tero, program director for governance, risk and compliance infrastructure at research firm IDC (a sister company to CSO's publisher).
"Media degradation will render this [method] ineffective," Tero says. Nor will overwriting work on disks with advanced storage-management features, she says. "For example, the use of RAID means that data is written to multiple locations for fault tolerance, which means that remnants of the data are scattered in the enterprise storage architecture," Tero says.
Security practitioners point out that while overwriting is cost effective, it's not free. "Overwriting is definitely cheaper [than other methods], but you still have to have the headcount to manage it, so there are costs there," Harkins says.
By following standards created by the Department of Defense and the National Institute of Standards and Technology, "you can be pretty sure the [overwritten] data will be unreadable and unusable," Harkins says. "There are studies I've seen where people will prove that they can find stuff on drives that are overwritten. But I think if you follow the standards you greatly minimize the likelihood that that would be case."
Still, Harkins says, overwriting is by no means foolproof. There are areas where errors might occur and the data might not be fully overwritten. "In the wrong hands, someone might still be able to recover the data," he says.
Degaussing is the removal or reduction of the magnetic field of a storage disk or drive. It's done using a device called a degausser, which is specifically designed for the medium being erased.
When applied to magnetic storage media such as hard disks, magnetic tape or floppy disks, the process of degaussing can quickly and effectively purge an entire storage medium.
A key advantage to degaussing is that it makes data completely unrecoverable, making this method of destruction particularly appealing for dealing with highly sensitive data.
On the negative side, Rothke says, strong degausser products can be expensive and heavy, and they can have especially strong electromagnetic fields that can produce collateral damage to vulnerable equipment nearby.