Hard drives replaced under warranty - best practices?

Networking/Security Forums -> Physical Security and Social Engineering

Author: mb    Posted: Thu Jan 27, 2005 7:18 pm    Post subject: Hard drives replaced under warranty - best practices?
    ----
Most warranty replacements require that the failed parts be returned to the manufacturer. This poses a definite security risk when the part being replaced is a hard disk drive. The drive may likely contain information that is sensitive.

While computer manufacturers are unlikely to deliberately attempt to retrieve data from a failed hard drive, once it leaves your facility, the chain of custody is broken.

What are the most common ways businesses deal with this issue? Since few if any 'erasure techniques' are foolproof, it seems to me that the best way to deal with it is to simply opt out of the warranty replacement, incur the cost yourself and have the drive physically destroyed.

Author: zvon    Location: Toronto, Canada    Posted: Fri Jan 28, 2005 12:21 am
    ----
In my experience I usually judge it on a situational basis. If it's very critical data, we decide not to use the warranty system, but if it's just some guy's PC we tend to not care too much.

I'd love to hear how others have dealt with this situation.

Author: ThePsyko    Location: California    Posted: Fri Jan 28, 2005 12:44 am
    ----
I likewise take it on a case-by-case basis. If that PC has held company secrets then I say take the loss. However, if it's just some schmo's computer and it wouldn't matter even if our main competitor got hold of it, then I wipe and swap.

Author: Networkguy    Location: UK    Posted: Fri Jan 28, 2005 1:36 am
    ----
In the case of server drives, on-site warranties are a must.

If a drive fails (we use HP for our Intel servers) we call out the engineer, who then confirms the drive is dead (remember that dead drives are not repaired anyway) and gives us a new one.

We then place the old drive on top of our nice big degausser (is that how you spell that?), switch it on, watch the lights in the room dim, and then hand the now very dead (and clean) drive to the engineer to drop in a skip on the way home.

Author: mb    Posted: Fri Jan 28, 2005 5:12 pm
    ----
Thanks for the feedback. I actually had the opportunity yesterday to discuss this with a business attorney who has some experience with this sort of thing.

Before I go further, let me preface this with (1) YMMV... and (2) my paraphrasing of what the attorney said may not accurately reflect her actual intended meaning and (3) this is NOT legal advice; I'm not an attorney and I don't play one on the Internet.

She said where issues of privacy of customer data were paramount, you have only a few practical choices:

In all cases, some kind of legal audit trail must exist and in all cases the data on the drive must be destroyed - to a high level of industry standard. This means formatting the drive, fdisk, etc. are simply not acceptable. Professional wiping tools and degaussing are apparently a bit more of a gray area. But if the goal is no leaks of sensitive data via end-of-life-cycle HDDs, then certified destruction is the route to go.

She said that some manufacturers have drive destruction certification programs - i.e. they will replace your defective drive and later certify receipt and destruction of the failed drive. Apparently, some manufacturers will also accept certification of drive destruction from bonded 3rd parties as part of their warranty program.

If none of these are available, then she said the best route is to suffer the cost of drive replacement (i.e. don't use the warranty) and destroy the data yourself or by using a 3rd party service such as this service.

She also added that the cost of such programs needed to be weighed against the potential cost of lawsuits and/or bad PR if private customer data became public via such a source.

Author: Mongrel    Posted: Sat Dec 15, 2007 11:09 pm
    ----
I know that banks and other large financial institutions will destroy the drive. As to what arrangements they have in their SLAs with the vendor, I am not sure - but I know they do get drives when they need them.

Military wipe simply won't do it, and degaussing has been proven less than perfect as well. There was even a post here on this topic a couple of years back.

And what your lawyer said is indeed true. Chain of custody and verification of destruction are critical for the auditors and the feds (OCC, SOX, GLBA etc.).

Author: PhiBer    Location: Your MBR    Posted: Mon Dec 17, 2007 7:16 pm
    ----
I have had to use Dell's Keep Your Hard Drive service in the past. You pay an additional upfront cost for the service and keep your old hard drive if it crashes. They will then send you a replacement drive you can use. Works quite well actually.

Author: The_Real_Gandalf    Location: Athens, Greece    Posted: Tue Dec 18, 2007 9:37 am
    ----
It all depends upon the level of criticality when it comes to data sensitivity.

The best way to destroy a drive is either by demagnetization or fire. These are the only secure ways to clean erase/destroy a drive.

As for the warranty issue: companies with such a high level of sensitivity do not use warranties in this way.
They have special contracts, where an engineer of the vendor comes in and checks that the drive is dead, while company personnel are present.
He fills out a form and then assigns the new hardware.
Old hardware is either stored (with recorded serial number) or destroyed in a furnace under high fire or under a very strong magnet.

Keep in mind though that we are talking about high-sensitivity data (equal to SECRET clearance level in the US) and it is not applicable to companies or other areas where they mostly use degaussing or software methods.


Gandalf

Author: graycat    Location: London, UK    Posted: Tue Dec 18, 2007 3:50 pm
    ----
For the most part I agree with what people have been saying. We look at things on a case-by-case basis, taking into account not only the server but also the data it might have held. On this basis we can decide whether or not to take the hit by purchasing a new drive rather than using the support packs. If the data is of a suitably secret or confidential nature then we will indeed take the hit, purchase a replacement and then have the drive professionally disposed of by a reputable external company.

Author: PhiBer    Location: Your MBR    Posted: Tue Dec 18, 2007 7:28 pm
    ----
The_Real_Gandalf wrote:
The best way to destroy a drive is either by demagnetization or fire. These are the only secure ways to clean erase/destroy a drive.

This looks pretty secure to me, so long as you are there to monitor the destruction process.
