Month: October 2025

by alex on Storage

Dead men don’t tell tales, and neither do crushed hard drives

I’ve had this conversation more than a few times on reddit and with people who don’t work in the storage industry. “Why are they destroying perfectly good hard drives/iPads/etc”

  • I suppose standard disclaimer should apply here – I work for a company which sells storage systems (HDD+SSD), and this is all my own opinion and does not reflect the opinions of my company. One might think that because a company like the one I work for sells hard drives, they would want to remove secondhand ones from the market in order to sell more. This naïve view doesn’t account that the financial model enterprises storage systems are sold under is weighted more towards licensing than hardware, I also don’t get paid based on sales, so I assure you, there isn’t any bias here.

Anyway.. the most recent discussion on this topic from reddit brought this article from IEEE Computer to my attention. This article correctly states that there are benefits to enabling a circular economy for storage devices, and that many storage devices can be cleared, or at the very least purged, of confidential data, to enable secure reuse.

  • I’ll note that one of the contributing authors is part of the Chia project, which uses the blockchain and huge amounts of storage to enable.. I dunno, commerce or something. Chia is not without criticism, that while it claims it’s greener than bitcoin, it still involves spinning rust, which is not super cheap. I don’t actually take a position on the Chia project, other than to say that encouraging re-use and circular economy for data storage isn’t actually a bad thing, but that I think if I were part of the project and writing an article about why people spend the time and effort to make cheap drives available, I might consider declaring a conflict of interest.

So here’s the thing – you can absolutely clear data from drives, in some cases, very quickly, in other cases, more slowly (“purge” from the article). But you can make it gone, no doubt about it.

And then what happens? You put a sticker on it, and put it in a pile. How many drives did you have attached to your wiping station at the time? Did you put a sticker on the right drive though? Drive sits around for a while and maybe the sticker falls off. You have a blank drive sitting around, did it get cleared? Well I’ll just wander over and check the device serial number against my log of cleared/purged drives. 5 minutes later, you’ve found it, and the drive’s probably good to go. Then you find another one.. did they use bad adhesive on this batch of stickers? or did it get too hot or too cold. Oh well, it’s probably fine, no one misread your sign and put an uncleared drive in the cleared pile. And no one grabbed a drive from that pile for another project and put it back in there again after they were done, Right?

Or maybe you’re lucky, maybe you have some secure cages and you can make sure that no one other than you moves drives in or out of the cage. But IT is usually kept in the basement for a reason – space is at a premium, and no one wants you to have more than you absolutely need.

Off they go to the drive reseller who’s paid you $20-50 each for them. It’s taken a couple of hours to unrack, attach, clear/purge the drives, label them, arrange the sale, which has taken you away from your core job tasks. “Earned $2000 by selling hard drives” is your end of year achievement.

But.. oops, no, can’t put that down. You missed a step and someone found an uncleared drive that they could recover data from. Well oops. Oops again. Our bad.

Suddenly your organisation is on the hook for regulatory fines, or legal settlements, gets bad press, your auditors are breathing down your neck asking “why did you think this would be ok?!?” and then your $2000 for the IT slush fund doesn’t look like such a great trade.

What’s the answer then? Crush the drives. Make it instantly visible that the storage devices leaving your premises do not have data on them.

So, sorry. I take the view that while it’s technically quite possible to erase data from storage devices, that it is unfortunately still irresponsible from a risk management point of view to then allow any drives out of your control, especially since the financial benefits of selling them is so small. The bigger the organisation, the more likely procedures are to break down, and the more likely you are to have a data spill.

My commentary here is full of strawmen, I totally grant that. But to save your company from risk, you need to follow the logical data clearance 100% of the time, and it’s not simple to tell if it has been done, and that the consequences of even a single slip can be catastrophic. Crush the drives.