Data sanitization, though simple on the surface, actually presents a variety of wrinkles and nuances that must be seriously considered as organizations evaluate what they need to do to keep data safe through proper destruction.
The good news for businesses is that plenty of other organizations have been wrangling with some of these problems, and some of the entities handling the most sensitive types of data have developed formalized standards for data sanitization and destruction. The U.S. Department of Defense and National Security Agency are two such bodies, and their various regulatory documents and rules provide key guidance on data sanitization best practices.
Three lessons we can learn from the DoD and NSA are:
1. Software wipes aren't up to modern demands
The DoD 5220.22m Wipe solution, a method that wipes data by changing the configuration of zeros and ones stored on a device, has long been treated as a secure method to erase data from a hard disk that you want to use for another purpose. That final point is absolutely critical, as the DoD 5220.22m Wipe is not considered a secure way to erase data and adequately protect that information. While the DoD 5220.22m Wipe has emerged as a popular solution, it was originally created by the National Industrial Security Program, and it was revised back in 2006. It is a dated method that, according to a Lifewire report, is no longer permitted by the DoD, Department of Energy, Central Intelligence Agency or Nuclear Regulatory Commission.
"Software erasure methods leave large quantities of data recoverable from hard disks."
According to the news source, it is not only worth noting that the method is no longer in use, but also important to recognize that software-based data wipes are no longer considered acceptable by these agencies. Software wipes have been definitely rejected by government agencies that handle sensitive data, and with good reason.
Software erasure methods leave large quantities of data recoverable from hard disks, making them inadequate when businesses want to fully erase data. There may be some place for software wipes if organizations want to reuse a hard disk within an organization, but even then, there is plenty of risk as a user may be able to leverage access to the hard drive to access data that isn't meant to be viewable based on the employee's authorization level.
2. Always control the destruction process
The DoD will periodically release standards around IT best practices relating to different partnerships. Last year, a detailed document highlighting practices associated with a partnership with SAP was made available, and its details relating to data sanitization can be helpful for just about any organization. One particularly notable regulation has to do with precisely when data destruction practices must take place. The standards document explains, "Prior to media disposal or release out of SAP control, organizations shall sanitize all media using sanitization mechanisms with strength and integrity commensurate with the classification or sensitivity of the information."
This simple statement comes with a few key takeaways that organizations should keep in mind when destroying storage media:
- The DoD didn't want to let data leave SAP control. Businesses can't control the chain of custody once storage devices are outside their facilities. Protecting sensitive data requires a solid chain of custody to control physical data access. Follow the DoD's lead and take control of the data destruction process.
- Proper sanitization methods will vary depending on media type and data sensitivity, so organizations should have a plan and formal process for different situations.
- Organizations should rely on physical destruction alone. It is common to send hard disks to a third-party specialists for proper disposal – hard disks present some unique destruction and recycling challenges. However, this guidance is a reminder that disks should be sanitized before being sent elsewhere. Sanitization should happen prior to destruction.
3. Not all degaussers are equal – Understanding coercivity
A hard disk degausser santizes a hard disk by altering its magnetic capabilities to render data inaccessible and make the device useless. However, this is accomplished by reversing the magnetic field associated with the device. The NSA Degausser Evaluated Products List, a document that highlights degaussers recognized as effective by the NSA, pointed out that its evaluations focused on measuring coercivity of degaussers to ensure that devices on the list are powerful enough to erase modern hard disks.
Not all degaussers will be equally able to erase data effectively, however, Proton Data offers multiple solutions recognized by the NSA as effective. Other useful bits of advice from the NSA include:
- Always follow manufacturers instructions about re-testing degaussers as coercivity can change over time.
- Make sure you adjust your data erasure strategy according to device. For example, flash media doesn't depend on magnetic charge, so degaussers won't work.
While proper data sanitization may seem complex, Proton Data offers a full suite of solutions to help you simplify the process. Our degaussers and shredders can empower your organization to simplify the chain of custody and manage proper data destruction across a variety of media types.