This logic doesn't hold. If I choose to dban or degauss something, I don't expect I should be able to recover it later. Admins absolutely have the option to make irreversible changes, and do this quite often.
If you are magnetically destroying hard drives as part of decommissioning, that's not really the same thing. You're not using admin access to do it, and you're not making a change that permanently applies to all future use of the device (because there is no future use).
Yes but we were talking about hardware level changes and the person you responded to specifically said flashing was okay. So I thought you had something relevant to that in mind.
Anyone can delete a file. Nobody wants to ban deleting files.
Just because some administrative decisions are permanent and destructive doesn't mean that every operation should be made permanent or destructive.
Should every software config require buying new hardware because the initial config gets permanently flashed with an e-fuse to only allow a single write? You could even make a security argument for such a setup, but good luck getting approval for your 15th motherboard this quarter because you typo'd the config.
Also, dban and degaussing is not entirely equivalent -- from a practical perspective the equivalent is hard drive shredding (because the hardware cannot be used again in the old/non-malware config -- dban and degaussing are more like factory default resets). Do some organisations need to do this? Sure. Should we design systems with the assumption that any mistake means that the hardware is destined for the shredder? I would hope not...
Degaussing (for orgs who do it) is just as operational a task as updating. There will be an SOP that covers data storage decommissioning. It's not as frequent, but it's not any less 'normal', certainly not ad-hoc or one-off. You don't invest in a degausser "just in case".
