My policy is: First:
1) use encryption from day one. As long as you can be assured the encryption never failed (somehow repartitioning and writing bare data to the drive), it is a viable option to treat the drive as non-sensitive, depending on what it was used for. Then:
2) use ATA secure erase to wipe it. This command, if you believe it was implemented correctly, should wipe the entire drive, including reserved space. Then:
3a) re-use or re-sell the drives, if you're in a moderate security environment and all of the above have executed correctly. (or send back to a manufacturer if failed in moderate ways which still allow ATA secure erase to execute...or if you really trust the disk encryption and it wasn't used for anything sensitive) or
3b) If the security steps above have failed, or if you've screwed up somehow, or if the drive was used in a policy environment which requires or, or if it was used for the most sensitive of data and you need to convince outsiders of security, or if there's any chance the host the drive was attached to was hacked while in operation (in which case the drive security may have been defeated with new formatting or new firmware), physically destroy the drives in a rotary disintegrator.
You want to do the above even if you plan to shred them because it reduces security risks and requirements while in transit.
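
A preflight check for step 2, as an added example that is not part of the original post: it classifies the Security section of `hdparm -I` output so a frozen, locked or unsupported drive is caught before the erase is attempted. The function names, the sample text and the `PLACEHOLDER` password are constructed for illustration; the sample follows hdparm's usual layout.

```shell
#!/bin/sh
# Added example (not from the original post): classify the "Security:" section
# of `hdparm -I /dev/sdX` output before attempting ATA secure erase (step 2).
# Reads that text on stdin; prints ready | frozen | locked | unsupported.
erase_preflight() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }   # next top-level section ends it
        !insec              { next }
        {   # normalise whitespace so "not<TAB>frozen" and "frozen" stay distinct
            line = $0
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        }
        line == "supported" { supported = 1 }
        line == "frozen"    { frozen = 1 }
        line == "locked"    { locked = 1 }
        END {
            if (!supported)  print "unsupported"  # step 2 cannot run at all
            else if (frozen) print "frozen"       # rejects security commands until power-cycled
            else if (locked) print "locked"       # needs the existing ATA password first
            else             print "ready"
        }'
}

# Constructed sample of a drive the BIOS left in the frozen state.
sample_frozen() {
    printf 'Security:\n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
}

status=$(sample_frozen | erase_preflight)
echo "preflight: $status"
# Only when the status is "ready" would the erase itself follow, e.g.:
#   hdparm --user-master u --security-set-pass PLACEHOLDER /dev/sdX
#   hdparm --user-master u --security-erase PLACEHOLDER /dev/sdX
```

On a real system the input would come from `hdparm -I /dev/sdX | erase_preflight`, with `/dev/sdX` standing in for the drive being retired.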