In a recent blog, we discussed the methods of data erasure; most organisations have a technique or protocol in place, but how can they be sure that it’s 100% effective and that every trace of data has gone? There are also circumstances where clients ask for third-party proof of the erasure process for regulatory purposes. The answer is erasure verification.
What is erasure verification?
When an organisation wishes to repurpose or dispose of second-hand media, erasure verification will give them the confidence to ensure that the erasure method they are currently using is effectively destroying 100% of the data.
Erasure verification will provide a written report that details the effectiveness of your organisation’s erasure process, giving peace of mind to dispose of any media securely without risking a data breach.
Match the method to the media – and verify, verify, verify
The ‘NIST 800-88’ published by the National Institute for Standards and Technology, provides guidelines to ensure organisations are using effective data sanitisation methods. A key part of NIST 800-88 is its recommendation to verify any data sanitisation method that is undertaken.
“Verifying the selected information sanitisation and disposal process is an essential step in maintaining confidentiality. Two types of verification should be considered. The first is verification every time sanitisation is applied…The second is a representative sampling verification, applied to a selected subset of the media. If possible, the sampling should be executed by personnel who were not part of the original sanitisation action.”— NIST SP 800-88, Rev.1, “Information Sanitisation and Decision Making.”
The NIST gives specifications for verification methods dependent on media type along with sampling sizes. The guidelines lay out two options for verification:
- Verifying that sanitisation has been applied to all media in question
- Verifying a sample of the media to show that no data is recoverable.
Without a verification process, organisations’ data could be vulnerable to data breaches. For those in heavily regulated industries especially, proving the effectiveness of the data sanitisation method is essential to prove compliance with data security regulations and guidelines.
Proof of NIST 800-88 sanitisation comes in the form of a detailed certificate. Available in either hard or soft form, the certificate validates that rendering of the data resulting in it being irretrievable from the media. Without a certificate proving erasure verification, the data sanitisation method is not complete.
Find out more on how Ontrack can assist you with your erasure verification needs.
Why do we need data security?
We all know data security has been a hot topic in the news. Companies are continually under fire for data leaks one way or another. Many corporations across the world are receiving requests from their clients to present third-party verification of their data erasure process to prove that they are properly disposing of their data. It is also becoming part of a company’s due diligence to verify their data erasure methods to be sure their data is safe.
Erasure Verification Services are necessary to guarantee the erasure of data on media intended for reuse or disposal. Organisations that do not verify the destruction of data on their media leave themselves open to accidental exposure or theft of sensitive data.
Erasure verification services not only determine the validity of your erasure process, but it can also provide your organisation with documented proof of your sanitisation.
How does the erasure validation process work?
- Preparation of the device – We will ask the customer to write a specific data pattern on the device they wish to run the erasure validation process on.
- Sanitisation procedure – The customer will run their own data sanitisation process. Ontrack can run the process for the customer is they require.
- Analysis – An in-depth analysis of the media will take place where we will search for any remnants of data.
- Erasure validation report –We create a final report that we deliver to the customer detailing the process and the results.
Why choose erasure verification?
Choosing an erasure verification service will eliminate the possibility of theft or accidental exposure of your organisation’s sensitive data. It will also ensure you maintain control of your internal data and allow you to manage compliance requirements, quickly and efficiently. Additionally, erasure verification provides:
- A full chain of custody
- Strict security protocols
- Erasure certificates for compliance
- Ensure the disposal of end-of-life media to government standards
Overall, erasure verification is a service that organisations should consider to ensure that their data destruction methods are 100% effective. In today’s digital landscape, organisations can’t be too careful when it comes to protecting sensitive data – whether it’s their customers or the company’s own.
Picture copyright: hans/pixabay