[openstack-dev] Volume Encryption

Jeremy Stanley fungi at yuggoth.org
Fri Mar 8 20:27:04 UTC 2013


> Degaussing would only be effective against drive theft if the
> thieves were obliging enough to provide advance notice so you
> could degauss the specific drives just before they were stolen.

It's not as uncommon as it sounds. Given some time I can probably
dig up old articles on the matter, but it was known that shady
actors were buying up large batches of drives and tapes at
bankruptcy auctions just to scour them looking for potentially
valuable data. For that matter, there were a number of situations
where it became apparent dead drives sent to manufacturers for
replacement were often not wiped when the manufacturer refurbished
and resold them.

At my previous employer, we had a particular fee schedule for
customers who wanted to lease servers in our facility but purchase
drives and tapes outright so that they could ensure proper disposal
per their individual security policies. Those rates included the
expectation that media failures would require the customer to
purchase replacement units through us rather than relying on normal
manufacturer warranties, so that they could similarly ensure
appropriate disposal.

Many of these customers degaussed the hardware and then put it
through a pulverizer before discarding, specifically because of this
particular threat.
-- 
Jeremy Stanley



More information about the OpenStack-dev mailing list