Educause Security Discussion mailing list archives
Re: hard drive destruction
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Thu, 10 Aug 2006 09:21:32 -0700
For desktop systems, where drives may outlast the warranty and replacement cost would be about $80 to $120, that may be true. But for server systems, the "keep the drive" option is a definite advantage. When a drive goes bad in an array, you should keep it and send it for aproved destruction when Dell (or whatever vendor) replaces it. This happens often enough in servers and drive arrays that "just replacing" would be cost prohibitive when the drives cost about $300 to $500 each and you might get two or three drive failures in a server array in a year. I struggle with this since drives sent back are often "refurbished" and reused. Clean-room rebuilds of drives can re-use a number of the drive parts. Destruction just makes more material for landfills, some of it toxic. Generally, there isn't enough information on a single drive in a RAID5 array that returning the drive to the vendor poses a significant risk. Much of this is driven by organizational or regulatory mandates. If there were a reliable way to insure that a dead drive could be cleaned of all data prior to returning it to the vendor, I would be all for that. Reduce, reuse, recycle. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu -----Original Message----- From: Roy Hatcher [mailto:rhatcher () PITTSTATE EDU] Sent: Thursday, August 10, 2006 8:43 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] hard drive destruction At least with Dell, when you purchase a new computer, for about $20 more, you can add 'Keep your Hard Drive' for 1-4yrs. 3 years being the default for $16.20. With that, you can get a warranty replacement drive without having to send the old one back. While it could certainly be convenient to do it that way, it seems like it would be more cost effective to just go ahead and buy a new drive anytime an old one goes bad, instead of adding $20 to every new computer purchase. -rh -- Roy Hatcher Systems Administrator Pittsburg State University 620.235.4071 rhatcher () pittstate edu Les LaCroix wrote:
We don't go to the vendor for warranty hard drive replacement. We put
in a new hard drive and send the old one for destruction to the same place that old drives go when we retire computers. There's a cost issue, and there's the question on whether or not the computer's warranty is now invalid. But it doesn't happen often enough that we worry about it. Les LaCroix Associate Director of Network Services Carleton College Michael Fox wrote:I am working on policy and procedures for hard drive
wipe/destruction.
I have most of what I need for my procedures but I have hit one sticking point. I would like to get some input as to how others have handled this issue. The issue: if a hard drive that is under warranty fails most technicians will contact the vendor, get a replacement drive and send
the "bad" drive back to the vendor. If there is sensitive information
on that drive (worst case scenario always) the vendor now has access to that data and/or worse yet they repair the drive and sell it to someone else. What do you folks do with this kind of scenario?
Current thread:
- hard drive destruction Michael Fox (Aug 10)
- <Possible follow-ups>
- Re: hard drive destruction Tony Gauvin (Aug 10)
- Re: hard drive destruction Les LaCroix (Aug 10)
- Re: hard drive destruction Roy Hatcher (Aug 10)
- Re: hard drive destruction Mark T. Nardone (Aug 10)
- Re: hard drive destruction Pace, Guy (Aug 10)
- Re: hard drive destruction Barnes, Jeff (Aug 10)
- Re: hard drive destruction Jim Dillon (Aug 10)