What is the best data erasure method for my media type?
When it comes to protecting your most sensitive electronic information, creating a clear data erasure policy is equally important as having a robust data retention plan. With businesses producing so much data, it is more important than ever that secure data erasure policies are in place. However, with so many different media types available, how do you know what kind of data erasure method is suitable for your requirements?
Many people think that causing physical damage to a hard drive means there will be no chance of recovering any data that resides on it; this is not the case. Just because a hard drive has physical damage, does not necessarily mean that the data that resides on it is unrecoverable.
When you delete a file from a hard drive, the drive marks the file as 'deleted'. However, until a user overwrites that file, its recovery is still possible, e.g. with a reputable data recovery software.
Your best bet to ensure secure hard drive destruction is to use either a data erasure software or a degausser. Your choice may depend on how many hard drives you have to wipe and whether you require comprehensive, tamper-proof reports and certificates of erasure to comply with legal auditing requirements – which data erasure software can provide.
Many IT professionals believe that SSD erasure is easy and straightforward; however, it has its complications. Recent research has shown that conventional methods of erasure don't consistently remove all traces of data from SSD's. Due to the unique technical architecture of an SSD, each write operation stores data to a different physical location; it is, therefore, possible that even after several rewrites, traces of the original data may remain in specific memory cells. For those companies that have high-security demands, conventional methods of SSD erasure may not be suitable.
To ensure total secure erasure, an accredited shredder for SSDs is an optimal choice. Find out more about certified shredders for SSDs.
Tapes are an ideal solution for archiving data for long periods. When you store tapes over 10/20/30 years, there can be a risk of damage, which deems the tapes inaccessible and requires the migration of the data to new tapes. Archived data also has a retention period; once that passes, wiping the data on the tapes is a legal requirement. In both of these situations, a business should take action to destroy the data on the tapes securely. In the case of tapes, the best method of data erasure is a degausser. Using a degausser will allow you to safely dispose of those tapes with damage and reuse those in good condition.
If you are a home-user, when it comes to permanently destroying data from a smartphone, a factory reset is suitable to ensure you cannot recover any data. However, when it comes to businesses, most require proof of the data deletion for legal auditing purpose. A data erasure software will work best in these cases, as it will provide comprehensive, tamper-proof reports and certificates of erasure.
Categorisation of information
Organisations produce vast amounts of information every day. To ensure the protection of that information, organisations should categorise it dependent on its confidentiality to ensure it is dealt with correctly when it is no longer needed.
The ‘NIST 800-88’ published by the National Institute for Standards and Technology, is a U.S government document that provides methodical guidance when it comes to erasing data from electronic storage media. The guidelines aim to ensure organisations effectively sanitise media so that data is irretrievable once the data or data storage device reaches its end-of-life.
What are the data sanitisation levels?
According to NIST 800-88, every organisation “should label its media with an internal operating confidentiality level and associate a type of sanitisation from the list below.” The principles apply to magnetic, flash-based, and other storage technologies. It also covers mobile devices, UBS drives, servers, and even technologies that are yet to be developed.
NIST 800-88 is one of the most widely used data sanitisation standards requested or required by the U.S. Federal Government, and its adoption has spread to many private businesses and organisations.
The categories of sanitisation, according to NIST 800-88 are as follows:
- Clear applies logical techniques to sanitise data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
- Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.
- Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
Match the method to the media - and verify, verify, verify
Another critical part of the NIST 800-88 is the recommendation to verify any data sanitisation method an organisation undertakes.
“Verifying the selected information sanitisation and disposal process is an essential step in maintaining confidentiality. Two types of verification should be considered. The first is verification every time sanitisation is applied…The second is a representative sampling verification, applied to a selected subset of the media. If possible, the sampling should be executed by personnel who were not part of the original sanitisation action.”— NIST SP 800-88, Rev.1, “Information Sanitisation and Decision Making.”
The NIST gives specifications for verification methods dependent on media type along with sampling sizes. The guidelines lay out two options for verification:
- Verification that sanitisation has been applied to all media in question (not applicable to ‘Destroy)
- Verification of a sample of the media to show that no data is recoverable.
Verifying the erasure of data is an essential part of the data sanitisation process. Without it, organisations could be using inadequate sanitisation methods, leaving their data vulnerable and exposed. Therefore, sanitising data through Clear, Purge, or Destroy does not, on its own, adequately meet audit-proof sanitisation standards.
Verifying data erasure methods
For organisations in heavily regulated industries, proving the effectiveness of the data sanitisation method is essential to prove compliance with data security regulations and guidelines. Proof of NIST 800-88 sanitisation comes in the form of a detailed certificate. Available in either hard or soft form, the certificate validates that rendering of the data resulting in it being irretrievable from the media. The certificate typically lists the following:
- Storage device by serial number
- Type of sanitisation used (Clear, Purge, Destroy)
- Method used (degauss, software, overwrite)
Without a certificate proving erasure verification, the data sanitisation method is neither complete nor guaranteed.
Find out more on how Ontrack can assist you with your erasure verification needs.
Remember that delete' does not mean 'erase'
We mentioned in a previous blog the difference between 'delete' and 'erase – you can read that blog here. Confusing the two can lead to organisations leaving themselves vulnerable to a potential data breach and severe fines. Ensuring your business is using a proven data erasure software, or hardware tool will go a long way in ensuring your critical information does not fall into the wrong hands.
For more information on the data erasure services, we can provide, visit our website.