Bottom line: Millions of hard drives are retired annually when their warranties expire, even if they are still in perfect operating condition. The overwhelming majority of these drives are not sent in for refurbishing or otherwise repurposed. Rather, they are destroyed.
The Circular Drive Initiative (CDI), a consortium of technology companies promoting the reuse of storage hardware, estimates that nine out of 10 drives are destroyed upon decommission.
Most large companies work with IT Asset Disposition (ITAD) firms to properly dispose of used storage devices, some of which could contain highly sensitive data like trade secrets. For both parties, the name of the game is risk management.
The IEEE last year set its Standard for Sanitizing Storage, a three-tier approach to dealing with storage devices. Level one involves simply erasing data, which could be recovered using specialized tools. This method is sufficient for those wanting to reuse a drive in their company but would not suffice for those planning to resell the drive to another company. Level two, called purging, overwrites “deleted” data with new data to ensure it is not recoverable. Stage three consists of physically destroying the drive by incineration, ensuring there is no way the data or the drive can be recovered.
The latter may seem extreme but apparently it is necessary. According to CDI secretary and treasurer Jonmichael Hands, shredding hard drives may not be enough to thwart a determined hacker. A person with the right tools and know-how could glean data off a platter as small as 3mm, Hands said.
For major cloud service providers like the ones Hands spoke with, the nuclear option is the only option. “They have a zero-risk policy. It can’t be one in a million drives, one in 10 million drives, one in 100 million drives that leaks. It has to be zero.”
Still, others are pushing for the safe and secure reuse of hard drives. Storage specialist Seagate, a founding member of the CDI, refurbished and resold 1.16 million HDDs and SSDs in financial year 2022. The effort kept more than 540 tons of electronic waste out of landfills.
Amy Zuckerman, sustainability and transformation director at Seagate, said refurbished drives are tested and recertified with a new five- or seven-year warranty. Customers for these drives typically include smaller data centers and crypto mining operations, she said. It is unclear how many times a drive can be refurbished and reused, but Zuckerman said they are currently shooting for double use.
Hard drives that are not fit for refurbishment can be disassembled and salvaged for parts, and raw materials can be recycled.
Storage devices aren’t the only pieces of hardware one must be concerned about with regard to risk management. Back in April, researchers from cybersecurity firm ESET acquired nearly 20 used routers and found intact configuration data on more than half of them.
Tony Anscombe, chief security evangelist at ESET, recommends companies sanitize devices themselves as best they can before handing them over to third party sanitation or e-waste disposal firms.
Image credit: Hard drives by Ivo Brasil