What is the best data erasure method for my media type?
When it comes to protecting your most sensitive electronic information, creating a clear data erasure policy is equally important as having a robust data retention plan. With businesses producing so much data, it is more important than ever that secure data erasure policies are in place. However, with so many different media types available, how do you know what kind of data erasure method is suitable for your requirements?
Many people think that causing physical damage to a hard drive means there will be no chance of recovering any data that resides on it; this is not the case. Just because a hard drive has physical damage, does not necessarily mean that the data that resides on it is unrecoverable.
When you delete a file from a hard drive, the drive marks the file as 'deleted'. However, until a user overwrites that file, its recovery is still possible, e.g. with a reputable data recovery software.
Your best bet to ensure secure hard drive destruction is to use either a data erasure software or a degausser. Your choice may depend on how many hard drives you have to wipe and whether you require comprehensive, tamper-proof reports and certificates of erasure to comply with legal auditing requirements – which data erasure software can provide.
Many IT professionals believe that SSD erasure is easy and straightforward; however, it has its complications. Recent research has shown that conventional methods of erasure don't consistently remove all traces of data from SSD's. Due to the unique technical architecture of an SSD, each write operation stores data to a different physical location; it is, therefore, possible that even after several rewrites, traces of the original data may remain in specific memory cells. For those companies that have high-security demands, conventional methods of SSD erasure may not be suitable.
To ensure total secure erasure, an accredited shredder for SSDs is an optimal choice. Find out more about certified shredders for SSDs.
Tapes are an ideal solution for archiving data for long periods. When you store tapes over 10/20/30 years, there can be a risk of damage, which deems the tapes inaccessible and requires the migration of the data to new tapes. Archived data also has a retention period; once that passes, wiping the data on the tapes is a legal requirement. In both of these situations, a business should take action to destroy the data on the tapes securely. In the case of tapes, the best method of data erasure is a degausser. Using a degausser will allow you to safely dispose of those tapes with damage and reuse those in good condition.
If you are a home-user, when it comes to permanently destroying data from a smartphone, a factory reset is suitable to ensure you cannot recover any data. However, when it comes to businesses, most require proof of the data deletion for legal auditing purpose. A data recovery software will work best in these cases, as it will provide comprehensive, tamper-proof reports and certificates of erasure.
Categorization of information
Organizations produce vast amounts of information every day. To ensure the protection of that information, organizations should categorize it dependent on its confidentiality to ensure it is dealt with correctly when it is no longer needed.
The ‘NIST 800-88’ published by the National Institute for Standards and Technology, is a U.S government document that provides methodical guidance when it comes to erasing data from electronic storage media. The guidelines aim to ensure organizations effectively sanitize media so that data is irretrievable once the data or data storage device reaches its end-of-life.
What are the data sanitization levels?
According to NIST 800-88, every organization “should label its media with an internal operating confidentiality level and associate a type of sanitization from the list below.” The principles apply to magnetic, flash-based, and other storage technologies. It also covers mobile devices, UBS drives, servers, and even technologies that are yet to be developed.
NIST 800-88 is one of the most widely used data sanitization standards requested or required by the U.S. Federal Government, and its adoption has spread to many private businesses and organizations.
The categories of sanitization, according to NIST 800-88 are as follows:
- Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
- Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.
- Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Match the method to the media - and verify, verify, verify
Another critical part of the NIST 800-88 is the recommendation to verify any data sanitization method an organization undertakes.
“Verifying the selected information sanitization and disposal process is an essential step in maintaining confidentiality. Two types of verification should be considered. The first is verification every time sanitization is applied…The second is a representative sampling verification, applied to a selected subset of the media. If possible, the sampling should be executed by personnel who were not part of the original sanitization action.”— NIST SP 800-88, Rev.1, “Information Sanitization and Decision Making.”
The NIST gives specifications for verification methods dependent on media type along with sampling sizes. The guidelines lay out two options for verification:
- Verification that sanitization has been applied to all media in question (not applicable to ‘Destroy)
- Verification of a sample of the media to show that no data is recoverable.
Verifying the erasure of data is an essential part of the data sanitization process. Without it, organizations could be using inadequate sanitization methods, leaving their data vulnerable and exposed. Therefore, sanitizing data through Clear, Purge, or Destroy does not, on its own, adequately meet audit-proof sanitization standards.
Verifying data erasure methods
For organizations in heavily regulated industries, proving the effectiveness of the data sanitization method is essential to prove compliance with data security regulations and guidelines. Proof of NIST 800-88 sanitization comes in the form of a detailed certificate. Available in either hard or soft form, the certificate validates that rendering of the data resulting in it being irretrievable from the media. The certificate typically lists the following:
- Storage device by serial number
- Type of sanitization used (Clear, Purge, Destroy)
- Method used (degauss, software, overwrite)
Without a certificate proving erasure verification, the data sanitization method is neither complete nor guaranteed.
Find out more on how Ontrack can assist you with your erasure verification needs.
Remember that delete' does not mean 'erase'
We mentioned in a previous blog the difference between 'delete' and 'erase – you can read that blog here. Confusing the two can lead to organizations leaving themselves vulnerable to a potential data breach and severe fines. Ensuring your business is using a proven data erasure software, or hardware tool will go a long way in ensuring your critical information does not fall into the wrong hands.
For more information on the data erasure services, we can provide, visit our website.