RichM has a new topic for all of you in the trenches. It's not sexy, but everyone with a real day-to-day job in IT (regardless of whether your job description specifically states security) has the unfortunate need to deal with these types of issues. You'll even find a recommendation on a free open source tool to get the job done.
Permanent Link: [Article]-The Business Case for HDD Wiping
This month's installment is inspired by all of the other tasks that require our attention which allows important things to slip through the cracks. What amounts to general laziness is really just a symptom of a much bigger problem: lack of time. As administrators we are expected to keep all machines (basically if it plugs into a wall, we should have encyclopedic knowledge about it) up to date, users should always be productive, oh and maintain a secure yet usable network. If that was the end it might be manageable, but of course there is always several "special" projects that require research, testing and most importantly time to implement. Therefore I understand when a menial task like formatting a hard drive doesn't get done, but I can't say that lack of time is a justifiable excuse.
Old hard drives are a rich source of unknown hidden treasures, even if they were only used by a temp or even a personal assistant. As is very common in corporate times, passwords are shared without much issue. If I had a nickel for each time I heard or watched a supervisor/Chief _____ Officer log into his assistant's machine, do some work, then log out, I would probably be writing this sitting in the sand under a palm tree.
In an effort to express the importance of sanitizing old hard drives, I present to you two scenarios, each with its own level of severity. Ultimately you have to decide if the extra effort is justified for the potential "what ifs" that are outlined below.
Let the discussions begin,