Home > Resource Center > Industry News > Data bearing devices: What you need to know for absolute data destruction

Data bearing devices: What you need to know for absolute data destruction

Data Bearing Devices
The unrelenting hunt for DBDs as part of the IT asset disposition process is a  critical first step in data security and compliance

Data bearing device (also called DBD) and data bearing asset (DBA) are broad terms covering any storage device capable of storing customer or proprietary company data. Often used interchangeably, some common examples include:

  • Hard Disk Drives
  • Solid State Drives 
  • Cell phones
  • Computers

For IT Asset Managers and others concerned about data tracking and disposition, locating DBDs that are less common can be a real challenge: How do you sanitize or destroy sensitive data on data bearing devices  if they are not documented, tracked or discovered?

A Guide to Data Bearing Devices/Assets   Protect your company and clients with this checklist of common, uncommon and hidden DBAs and DBDs that may contain customer or proprietary company data.  
Guardian Data Destruction Data bearing devices What you need to know for absolute data destruction

Types of data bearing devices

Due to their size, hard disk drives (HDDs) are typically the easiest data bearing devices to find. Solid state drives (SSDs), because of their smaller form factors and various sizes, can get a little trickier.  Most commonly known and recognized DBDs are

  • CDs
  • Magnetic tapes
  • Hard Disk Drives (HDDs) – external or internal
  • Solid State Drives (SSDs) – external or internal
  • Cell phones
  • Laptops
  • Tablets
  • Floppy disks
  • Scanners
  • USB drives
  • SD/Compact flash cards
  • USB drives
  • Motherboards with embedded storage
  • PCIe SSD cards
  • IO accelerator cards (type of optimized SSD)
  • NVDIMM (Non-Volatile Dual In-line Memory Module)
  • HSM cards

Server equipment is the “wild west” in the hunt for data storage.  In addition to the drives, you will find HDDs, SSDs, M.2 and SATADOMs in the front, back, internal, onboard and in the chassis itself.

  • Servers
  • Storage arrays
  • Tape Silos
  • Blade chassis/servers

IT assets that require a factory reset to remove IP addresses and other network identifiers and may also include additional data storage

  • Universal routers
  • Switches
  • Firewalls
  • Secure remote access modules (“infrastructure managers”)
  • Network devices

Common office equipment that may be considered benign or dumb (but frequently include integrated data storage):

  • Printers 
  • Copiers
  • Kiosks (includes self-checkouts, vending machines, price check machines, ticket booths, payment machines, POS, ID and insurance verification stands)
  • Smart docking stations
  • DVRs
  • Security camera controllers
Different kinds of data bearing devices

Proper lifecycle disposition of data bearing devices and assets

In addition to a scrupulous process for identifying data bearing devices and disposition, it is your responsibility to understand the compliance needs and risk factors across your organization and how to apply data destruction processes. 

Whether you rely on a third-party to advise you or not, forget about the outdated DOD standard and “number of passes”.  Instead, fully understand the NIST 800-88 Rev 1 data sanitization standard and how and when to apply the Clear, Purge and Destroy processes. As a result, whether you are shredding, wiping or degaussing, you will be able to develop, test, follow and update/revise all IT asset disposition processes by IT asset. Finally, require all third-party providers to follow your end-to-end process with supporting documentation as well.

LEARN: Download our NIST 800-88 Rev1 compliance guide

The risk that stakeholders can add to DBD and DBA data destruction practices

Understanding the compliance and risk framework for data destruction compliance is critical. We advise our ITAD partners to work with their clients to identify and actively include organizational stakeholders that should understand the value, risks and repercussions of non-compliance as part of your IT asset lifecycle. 

Depending on your organization, a wide swathe of departments including  IT, security, procurement, risk management, ITAD, IT asset management, finance, legal/compliance and even community outreach, PR and marketing that may be working on corporate governance (CG) or ESG programming may affect data destruction outcomes. Clear, published policies and educational programs can improve the awareness and risk of DBDs and DBAs to safeguard company data.

RELATED:  What happens when you skip the visual hunt for DBDs >

Data Bearing Device Computer
Data Bearing Device Computer Inside

Data bearing devices that are shipped add risk

Whether your IT assets are earmarked for resale, refurbishment, lease return, warehouse, redeployment, donation or the graveyard, avoid letting data travel. Your IT disposition process including physical IT asset inspections for DBDs and data destruction should be completed before IT packing and logistics. If it absolutely must travel with data, develop a secure IT logistics process that includes full chain of custody documentation.

data security

Ask for expert DBD/DBA guidance

Your data destruction provider serves as the final layer of data protection, so it’s crucial to work closely with your ITAD, VAR or MSP to understand and implement any additional protection layers they can offer, such as onsite physical audits of your assets to find data bearing devices.  

Demand that your third party vendors possess and provide adequate superior knowledge, skills and processes to protect your private and confidential data.  They should be able to work with you to develop a process of inspecting all IT assets before they leave the premises for all types of obvious, hidden-in-plain site and deeply buried data bearing assets that hide genuine risk. Their mission and deliverables should focus on protecting your company from removing residual data as part of EOL IT asset disposition practices. Guardian Data Destruction partners with ITADs, VARs, MSPs and IT resellers to support their customers who demand a gold standard of data compliance and destruction. We provide best practices in data destruction (shredding, erasure, degaussing), white glove IT asset packing and secure logistics or enterprise and data center services.

Read next

Sign up for email updates to receive the latest in data security options from Guardian Data Destruction >

With Guardian Data Destruction, you'll never have to worry or second-guess.

Get a quote Talk to us

Join our mailing list

Previous Next
Test Caption
Test Description goes like this