Data sanitization makes your data permanently unrecoverable, but don’t leave without verification
Sometimes being careful is still not enough. While organizations rightfully pour resources into preventing data breaches while their electronic equipment is in use, it is equally important to establish protocols for what happens after said equipment is no longer needed. These days, your organization likely has a legal and regulatory duty to dispose of sensitive customer or proprietary information in a manner that renders it fully irretrievable.
As Gartner notes in its Hype Cycle for Data Security report, “growing concerns about data privacy and security, leakage, regulatory compliance, and the ever-expanding capacity of storage media and volume of edge computing and IoT devices are making robust data sanitization a core C-level requirement for all IT organizations.”
But a third party that pledges to take the task of data sanitization off your plate is not the same as the job being done right.
Before you hire a partner for IT Asset Disposition (ITAD), it is helpful to know what data sanitization actually entails to eliminate any possibility of legal repercussions and, potentially, a public relations disaster for a job gone wrong.
Here’s what you should know.
Verified data destruction is crucial
The TechTarget definition of data destruction goes like this: “the process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.”
Although this may sound like an endpoint, it is not. Despite the strong language, the definition includes no confirmation that the data has indeed been destroyed, and unverified destruction leaves your data vulnerable. The ever-expanding library of data protection standards demands more. For highly regulated industries, such as telecommunications and healthcare, nothing short of data sanitization will do to comply with data privacy laws.
A sanitized device has no usable residual data, and its data cannot be recovered even with the help of advanced forensic tools. In other words, although data sanitization and data destruction are often used interchangeably, the former takes the latter to another level by confirming, using recognized verification methods, that the data is permanently irrecoverable.
The methods matter
According to the International Data Sanitization Consortium (IDSC), there are three ways to deliberately, permanently, and irreversibly remove or destroy data stored on a memory device: physical destruction, cryptographic erasure, and data erasure. The nature of your business, the data at hand, and the stringency of the regulations that you need to meet determine which method is right for you.
Let’s take a quick look at each:
- Physical destruction is the process of shredding hard drives, smartphones, printers, laptops, and other storage media into tiny pieces with large mechanical shredders, or of using degaussers. Although this method is effective, it’s not the most environmentally friendly option, and it also removes the opportunity to recoup value by remarketing the asset.
- Cryptographic erasure, or crypto erase, is the process of using encryption software (either built-in or deployed) on the entire data storage device and then erasing the key used to decrypt the data. Although it is a quick and effective method, IDSC cautions that it is best used in transit or for information deemed non-sensitive. Since data does remain on the device, it should not be the method of choice when certain regulatory requirements need to be met.
- Data erasure is the software-based method of securely overwriting the data on any data storage device by writing zeros and ones onto all sectors of the device. Overwriting renders the data unrecoverable and so achieves data sanitization. This method achieves the highest form of data security and is often the recommended method for the sanitization of highly sensitive data. Unlike other methods, it produces a tamper-proof certificate that the erasure was a success, along with data about the device and the standard used. IDSC also points out that data erasure supports environmental initiatives and protects the resale value of the storage devices.
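The verification step that separates data erasure from plain overwriting can be illustrated with a short check that every sector holds only the final-pass pattern. This is an added example, not code from IDSC or any erasure product; the 512-byte sector size, the all-zero final pass and the sample image are assumptions.

```python
import io

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors


def find_residual_sectors(image, pattern=b"\x00", sector_size=SECTOR_SIZE):
    """Return (sectors_checked, residual) for a binary stream.

    residual lists the index of every sector that is not entirely filled
    with the final-pass pattern, i.e. sectors that may still hold data.
    """
    if sector_size % len(pattern) != 0:
        raise ValueError("pattern length must divide the sector size")
    expected = pattern * (sector_size // len(pattern))
    residual = []
    index = 0
    while True:
        sector = image.read(sector_size)
        if not sector:
            break
        # A short final read is compared against a truncated pattern so a
        # trailing partial sector is still checked rather than skipped.
        if sector != expected[:len(sector)]:
            residual.append(index)
        index += 1
    return index, residual


def build_sample_image():
    """Constructed 8-sector image: zero-filled except leftover text in sector 5."""
    sectors = [bytes(SECTOR_SIZE) for _ in range(8)]
    leftover = b"constructed sample record"
    sectors[5] = leftover + bytes(SECTOR_SIZE - len(leftover))
    return io.BytesIO(b"".join(sectors))


if __name__ == "__main__":
    checked, residual = find_residual_sectors(build_sample_image())
    print(f"checked {checked} sectors, residual data in: {residual}")
```

A non-empty residual list means the overwrite did not reach every sector, so the device cannot be reported as sanitized.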
Receiving proof of destruction
So, how do you know the job has been performed in accordance with data protection standards?
Since you shouldn’t take just our word for it, here’s Gartner again: “ensure your ITAD vendor provides a certificate of data destruction with a serialized inventory of the data-bearing assets they sanitized. Include a clause within your ITAD contract giving you the right to audit the ITAD vendor’s data sanitization processes/standards to ensure their compliance with your security and industry standards (e.g., NIST 800-88). Regularly (e.g., annually) verify that your ITAD vendor consistently meets your data sanitization security specifications and standards.”
The NIST standard (from the National Institute of Standards and Technology) provides, as you probably know, the most comprehensive guidelines for media sanitization for recent technologies and technical advancements. Another widely used standard from the U.S. Department of Defense is DoD 5220.22-M, also known as the National Industrial Security Program Operating Manual or NISPOM.
Your ITAD partner must sanitize data in compliance with both, as well as, when applicable, HIPAA, the federal standard for the protection of sensitive patient health information.
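One way to act on the serialized inventory Gartner recommends is to reconcile it against your own asset register before accepting the certificate. The following is an added example, not a vendor or Gartner tool; the CSV layout, column names, serial numbers and the accepted-methods policy are all constructed assumptions.

```python
import csv
import io

# Constructed sample data: serial numbers, methods and column names are invented.
ASSET_REGISTER = {"SN-1001", "SN-1002", "SN-1003", "SN-1004"}
# Assumption: which methods count as acceptable is set by your own policy.
ACCEPTED_METHODS = {"data erasure", "physical destruction"}

CERTIFICATE_CSV = """serial,method,verified
SN-1001,data erasure,yes
SN-1002,cryptographic erasure,yes
SN-1003,data erasure,no
SN-9999,physical destruction,yes
"""


def reconcile(register, certificate_csv, accepted_methods=ACCEPTED_METHODS):
    """Compare the assets handed over with the vendor's serialized inventory."""
    findings = {"missing": [], "unexpected": [], "wrong_method": [], "unverified": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(certificate_csv)):
        serial = row["serial"].strip().upper()
        seen.add(serial)
        if serial not in register:
            # The vendor lists a device that is not in your register.
            findings["unexpected"].append(serial)
            continue
        if row["method"].strip().lower() not in accepted_methods:
            findings["wrong_method"].append(serial)
        if row["verified"].strip().lower() != "yes":
            findings["unverified"].append(serial)
    # Devices you released that the certificate never accounts for.
    findings["missing"] = sorted(register - seen)
    return findings


if __name__ == "__main__":
    for category, serials in reconcile(ASSET_REGISTER, CERTIFICATE_CSV).items():
        print(f"{category}: {serials}")
```

Any non-empty category is a question to raise with the vendor before the certificate is filed as proof of sanitization.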
To summarize: No guarantees or promises can take the place of official verification and certification when it comes to data sanitization. Only then can you be assured that your data will never fall into the wrong hands.