Data Disposal
Our Cloud providers handle the disposal process:
Amazon Web Services (AWS)
According to 'Amazon Web Services: Overview of Security Processes (August 2016)': "When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process designed to prevent customer data from being exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M ('National Industrial Security Program Operating Manual') or NIST 800-88 ('Guidelines for Media Sanitization') to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices." ('Storage Device Decommissioning,' page 8, https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf)
Google Cloud Platform
A company may decommission physical storage media for various reasons. If a component fails to pass a performance test at any point during its life cycle, they remove it from the inventory and retire it. Google also upgrades obsolete hardware to improve processing speed and energy efficiency or increase storage capacity. Whether the company decommissions the hardware due to failure, upgrade, or other reasons, it decommissions the storage media using appropriate safeguards. Google hard drives use technologies like full disk encryption (FDE) and drive locking to protect data at rest during decommissioning. When the company retires a hard drive, authorized individuals verify that the disk is erased by overwriting the drive with zeros and performing a multi-step verification process to ensure the drive contains no data.
If the company cannot erase the storage media for any reason, they store it securely until they can physically destroy it. Healthy.io will either crush and deform the drive or shred it into small pieces depending on the available equipment. In either case, it recycles the disk at a secure facility, ensuring that no one will be able to read the data on retired Google disks. Each data center adheres to a strict disposal policy and uses the techniques described to comply with NIST SP 800-88 Revision 1 ‘Guidelines for Media Sanitization' and DoD 5220.22-M 'National Industrial Security Program Operating Manual.'