How to dispose of unwanted backup media

Brien Posey looks at the inherent problems with backup media disposal. Because it contains sensitive data, you must dispose of it safely.

Whether you write your backups to removable media, spinning disks, or some combination of the two, your backup media will eventually wear out and need to be replaced. Of course, this raises the question of how best to dispose of unwanted backup media.

The problem with backup media disposal is that your backup media contains sensitive data. Even if the data really doesn't seem all that important, there is no shortage of surprisingly creative uses for various forms of stolen data. As such, it is clearly in your best interest to make sure that the contents of old backup media do not fall into the wrong hands.

Overwriting the data

One of the most time-tested methods for dealing with unwanted backup data is to overwrite the backup media with meaningless binary data. This method has its advantages and disadvantages.

The main advantage is that overwriting your backup media is easy to do. But, the technique is not 100% effective. With the right tools, data can still be retrieved from an overwritten disk or tape. Of course, these tools are extremely expensive, so overwriting your data will likely protect your privacy against dumpster divers but will not deter the NSA.

Another disadvantage is that overwrites can be time-consuming depending on the mechanism that you are using to perform the overwrite operation and the type of media you are overwriting. This might not be a big deal if you only have a few pieces of media to dispose of, but it can be problematic if you need to erase a mountain of tapes. It may also result in wear and tear on your tape drives.

Finally, overwriting data isn't usually going to be an option for damaged media. For example, if you have a hard disk with a burned-out motor, that disk still contains data even though it has become impossible to use conventional methods to read or write data to the disk.

Physically destroying the media

Another popular technique for getting rid of unwanted backup media is physical destruction. Again, this method has its advantages and disadvantages.

The main advantage is that physical destruction is highly effective in preventing data exposure. However, there are a couple of downsides.

Data destruction machines such as hard-disk crushers exist, but it is no secret that some admins have historically taken a "do-it-yourself" approach to data destruction in order to reduce costs. Unfortunately, some of the more unorthodox techniques have resulted in injuries.

The use of purpose built data destruction machines provide a far safer and more efficient method for destroying media, but such devices can be expensive. However, there are a number of organizations that specialize in backup media destruction. These organizations generally charge a small fee for each piece of media processed, which tends to be far cheaper than purchasing an industrial crusher or shredder.

It's a good idea to use a service that either returns the remnants of the hard disk as proof of the destruction or one that provides a video of the destruction. That way, you can be sure that the data is really being destroyed.

Degaussing the media

Another method that is sometimes used for disposing of backup media is degaussing the media. Although this method has been used for decades, it is worth noting that today's disks and tapes are far more resistant to degaussing than media used in the past.

About 10 years ago, I accidentally (partially) degaussed the drive in a computer in my home simply by running a vacuum cleaner in close to it. Today that would never happen. Tapes and hard disks are specifically designed to be resistant to degaussing, so you need a really powerful magnet to effectively degauss backup media.

Even if your backup media were not resistant to degaussing, degaussing presents a bigger problem – verification. Making sure that no data can be read from a piece of degaussed media is a time-consuming and potentially error-prone process that ultimately makes degaussing impractical as a primary method of protecting your data.

Most of the people I have known who have used this method have built their own degausser with parts from Radio Shack, but commercial degaussers are available at prices from $2,000 to $5,000.

The best way of disposing of old backup media might be to use a combination of techniques. For example, you might overwrite and then degauss the media. Similarly, some organizations overwrite or degauss backup media prior to physically destroying it. Whatever method you use, you must make it physically impossible or cost-prohibitive for anyone to recover data from your backup media.

Dig Deeper on Data backup security

Disaster Recovery