Secure System Retirement

By Tom Schmidt

Hardly a week goes by, it seems, without news of another PC or laptop containing sensitive information falling into the wrong hands. Earlier this year, for example, a laptop belonging to an Ernst & Young employee was stolen in a car theft. Ernst & Young is the auditor for the Hotels Web site, and the laptop contained personal data on the Hotels Web site customers. Then there was the case of consulting firm Dovebid, which auctioned off old computers that contained confidential client information.

Maintaining a highly secure IT environment and protecting a company's digital assets mean that the system retirement process cannot be overlooked or handled carelessly. Increasingly, enterprise IT departments realize that they must look for certified and tested solutions that completely wipe all data from the hardware device.

This article looks at best practice strategies for reducing the risk and liabilities associated with PC retirement and data disposal.

Managing the entire lifecycle
Today's enterprises can spend thousands of dollars per user each year to deploy and migrate operating system and application upgrades. The key to a successful software deployment or migration is to budget, plan, and implement an effective strategy that minimizes end-user downtime and IT frustration.

Of course, that's easier said than done. IT departments continue to be asked to do more with less, and to act quickly in response to changing business imperatives. There can be little doubt that managing constant changes in the PC environment has become more difficult for IT professionals.

That's why a state-of-the-art enterprise PC management solution is essential to this process. Such a solution should allow both file- and sector-based imaging (which allows administrators to deploy or restore a base state of an OS image or application onto a PC in minutes) and make it easy to migrate user settings and profiles to customize a PC.

But that's not the end of the story. An enterprise PC management solution must also enable administrators to safely erase the contents of a hard disk and ensure that confidential files cannot be recovered when the time comes to retire a system.

Genuine retirement
When files are deleted from a disk on a computer through the operating system, the operating system doesn't erase the content of these files from the disk. It only deletes references to these files on the hard drive. Contents of the deleted files continue to be stored on the disk and can be easily restored using data-recovery utilities.

Most enterprises lack adequate PC disposal policies and give away critical data when they discard old PCs, especially when proper file deletion procedures aren't followed. Most government agencies now stipulate that hard drives must be thoroughly cleansed before they are disposed. Many organizations rely on disk reformatting to cleanse proprietary data. But this is a lengthy and laborious process and not always completely secure. Moreover, reformatting doesn't inhibit the ability of a low-level tool recover the data.

Clearly, disposing of a PC without having proper disk cleansing processes in place is a security exposure and an unnecessary risk to the enterprise. That fact has been acknowledged by an increasing number of recent regulations -- including the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA) -- that have focused on the handling of individuals' personal information and other sensitive corporate data. Ultimately, enterprises are responsible for data security and cleansing. Failure to fulfill that responsibility can expose the enterprise to legal liability and, in some cases, criminal prosecution.

Best practice strategies for PC retirement and data disposal require support for two "disk wipe" standards in particular: the U.S. Department of Defense NISPOM (National Industrial Security Program Operating Manual) DoD 5220.22-M (1995), and the Assistant Secretary of Defense Memorandum of Disposition of Unclassified DoD Computer Hard Drives (2001).

In accordance with NISPOM, magnetic disks should be first cleared, then "sanitized." The first operation involves overwriting all addressable locations with a single character; the second operation involves overwriting all addressable locations with a character, its complement, and then a random character, followed by verification. Confirming that the wipe has been successful is an important step in the process. Administrators should be able to view the overwrite pattern on the disk to confirm that the overwrite has occurred.

Conclusion
For today's enterprises, a superior PC management solution enables them to manage the entire PC lifecycle while reducing the time and cost required to:

• Create standard system images for new workstations
• Deploy a new operating system across an enterprise
• Migrate users to new PCs or operating systems while preserving user settings, preferences, application settings, and data
• Restore a computer to its original configuration
• Send out file updates or system refreshes
• Refresh PCs following a system failure
• Retire PCs and securely dispose of confidential data

Perhaps best of all, such a solution virtually eliminates the need to physically touch client PCs. That's key to reducing support costs and welcome news to overburdened helpdesks.

At a time when more and more cases of wayward PCs containing confidential information are making headlines, enterprises require a solution that ensures their data cannot be recovered from retired or recycled PCs.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.