[pierat]

Now why don't these companies keep the drives in-house instead of destroying? That, I don't know.

But aside that, regarding the encryption... If you used the drive without encryption at any time, then its possible to recover the unencrypted data. You'd need to guarantee that your drives were *always* used with encryption from the start to end. And that's a hard guarantee.

So yeah, if they were leaving the org, I'd destroy them too.

[zaroth]

I don’t think that’s how it works. With these drives the AES encryption is always being done by dedicated hardware on the drive, but by default the key is just a random value stored in NVRAM.

When you do a “secure erase”, the drive will internally regenerate a new key and overwrite it in its NVRAM. Crucially, the algorithm must be securely random and the old key must be reliably overwritten. But if those conditions are met - presto! Everything on the drive that was written with the old key is now unreadable and entirely unrecoverable.

If you actually want to “lock” the drive, the key would be generated by a KDF from the password, the one saved in NVRAM would not be used.

It’s more complicated than that, if you want to support enabling a password without wiping the drive. That would involve encrypting/decrypting a stored key with the password. But either way you can definitely secure erase a modern unlocked drive, if you trust the implementation!

[slackfan]

Ah, you have never been on the IT side of any shop have you? The risks to keep running said hardware, or performance, or storage space, or power consumption or whatever are too high so you aren't going to be using it. So you decom it and do what, stick it in a closet?

Decommissioned hardware that is put in storage inevitably walks home with an enterprising employee to whom the risks from the business perspective are simply not a factor.

[hospitalJail]

>hardware, or performance, or storage space, or power consumption or whatever are too high

I just upgraded my 10 year old laptop because I wanted to do AI Art locally.

I ran video games, CAD, cellphone emulators, my programs, etc... on this computer and it still works. Heck, I still use it in a different room now.

Its not the 2000s anymore, we don't need tons of processing power to open web browsers and M$ Office. Decommissioning could be a rare event in the future.

[cameronh90]

A typical office laptop is pretty useless after about five years.

Even if the standard consumer stuff works fine, all the annoying enterprise security and remote management software that you're required to deploy just seems to suck up more and more resources every year. Unless you're lucky enough to work in an industry where that sort of thing isn't needed...

But even if you forget the software side, most office workers don't take great care of their devices. Even a solid ThinkPad will often have bits falling off it after that amount of time.

[barrkel]

Can't agree, honestly. Someone in sales might have dropped their laptop a few times, but outside of coffee spillages (thinkpads had a drain hole), they're not in bad shape. I've bought (via donation to charity) used work macbooks and they're were in great shape. Battery life is the main wear item.

As to bloat and performance, the standard amount of RAM in a laptop has barely budged in over 10 years. In 2012, a typical consumer laptop might have had 8G RAM and the higher end models 16G RAM.

In 2023, a quick search shows basic home laptops still for sale with 4G RAM, and typical consumer laptops around the $1000 price mark come with 16G RAM as standard.

CPU performance has increased a bit in that time, but not by a whole lot, especially single-threaded. An old laptop might be a bit slow, but it's usually RAM and operating system support which makes it obsolescent. Apps and web pages either fit in memory or they don't; the OS you're running either supports the latest app / browser (and thus web pages) or it doesn't.

[TowerTall]

Within an enterprise hardware get decommissioned when the hardware warranty expires, which in many cases are 3 years (last time I checked).

[slackfan]

you... haven't actually seen what an average employee does to a computer have you? Yes there are ones that treat their hardware nice, but yeah, no.

Also it's not the useability it's the manufacturing warranty that goes with it. Personal use is a very different thing from business risk.

[toast0]

> Now why don't these companies keep the drives in-house instead of destroying? That, I don't know.

Keep them and do what with them? If you're an enterprise running many disks, you're generally replacing them with higher capacity disks and the old disks are less useful. Or maybe you have some policy on retiring drives based on age or ssd wear. Or maybe you eliminated a storage tier for whatever reason.

[bluedino]

I worked for a DoD contractor, and we were guilty of sending boxes of SSD's to the shredders. These were in old desktops/laptops.

If we had to replace a drive in a computer (or upgrade it from a HDD to SSD), we had to purchase a new drive. We were not allowed to re-use a drive. However, we could re-issue an entire computer to another user.

Makes zero sense, but that's what the compliance industry came up with. It's a money-making deal for everyone involved, except the companies that need to comply with it.