DoD or NIST?
It’s funny that clients are still requesting a three-pass wipe (DoD wipe) of their hard drives because they believe that a three-pass wipe must be better than a one-pass wipe. The thinking is that if it is good enough for the Department of Defense, it must be the best solution.
DoD 5220.22-M
The DoD 5220.22-M 3-pass wipe standard is based on 1996 hard drive technology and was last updated in 2006. Older hard drives needed more wipe passes to ensure that the data was overwritten. But since then, the drives in our devices have stopped spinning. Our phones, laptops and even desktops use flash and solid-state drives, which makes the old overwriting protocols problematic.
So not only is the DoD standard ineffective on today’s hard drive technology, it’s also incredibly costly. The time-on-bench for a DoD standard wipe chews up technician hours, and the power consumption generates unnecessary costs and carbon emissions. A three-pass overwrite of a 500GB hard drive may take about 4-5 hours per device.
NIST 800-88
The NIST (National Institute of Standards and Technology) 800-88, originally released in 2006 and revised in 2014, provides robust methodological guidance for erasing data from storage media (media sanitization). Originally established for government use, NIST 800-88 is now widely adopted and recognized by governments and corporations alike as the best-in-class method for ensuring effective media sanitization. Its objective is to ensure that any data found on storage media is irretrievable.
If you are a business leader, would you even consider using 30-year-old technology? That might raise some red flags. So why would you still rely on an old and defunct process to wipe the same data you’re spending millions to protect?
Instead, you should mandate a data security method that meets NIST SP 800-88 media erasure guidelines. This method leverages the technology protocols built into modern hard drives to purge the data in a single pass rather than overwrite it. It is more effective, four to five times faster, and cheaper than the DoD standard.
By choosing the right data sanitization method and the right partner, you can rest assured that your data will never fall into the wrong hands.
Reference: Kamila Hutchison, “The DoD standard disk wipe is Dead”, November 9, 2022