BEGINNINGS OF THE DATA SECURITY BUSINESS
KruseCom’s predecessor companies pioneered the data destruction business. It started when the company bought a large lot of hard drives from an Original Equipment Manufacturer (OEM). The OEM typically leased its equipment to Fortune 500 companies for 3 years. At the end of the lease period, many end-users would return the leased equipment to the OEM. KruseCom’s predecessor had developed a market in spare parts, and on one occasion made a commitment to purchase approximately 5000 hard drives from the OEM.
In testing these hard drives for resale, the company discovered that the hard drives still contained data. The company called the OEM, and asked a delicate question, “What do you want to do with this legacy data?” The OEM did not want the hard drives back, but they also did not want their clients’ legacy data to leak. The OEM asked if we could erase the data for them.
We researched the erasure process, relying especially on the United States National Institute of Standards and Technology (NIST). That research indicated that one can’t really erase data from hard drives. However, one can overwrite magnetic storage material. At that time, the US Department of Defense had established a standard called the US DOD 5220.22-M that called for a three times (3x) overwrite of randomized binary digits across all sectors of a hard drive.
Further research took the company to Europe where we found a software product capable of overwriting hard drives to meet the DOD specification, other security algorithms that were emerging, and even custom patterns that a customer might request. The software executes the overwrite process without human intervention. If, and only if, the overwrite process reaches successful completion, the software generates a certificate of erasure. If the overwrite process fails, the hard drive can be physically destroyed by degaussing or crushing. We bought a large number of overwrite licenses from the European company, and became their first US customer.