There are statistical evidences supported by data destruction
companies which present that in countries like Mexico, Brazil, United States,
Colombia, Costa Rica, Argentina, UAE, and India; two out of three companies
face data management problems & risks. Data should be appropriately managed
across the entire data lifecycle, from capture to destruction. Data destruction
process forms an integral part of data management processes. At the end of data
lifecycle, enterprises may archive it for later use, or destroyed the data.
Data destruction is the process of removing information that renders it
unreadable or irrecoverable. There are different kinds of data wiping services
and secure wipe solutions that allow an organization to more efficiently and safely
protect its data.
According to data
destruction company experts, there exist different kinds of secure data
deletion procedures. Enterprises need to categorize the data that is supposed
to be destroyed according to the type of medium on which it is stored, level of
confidentiality, and the future plans for the media. Then, with the help of
secure data deletion professionals decide the suitable procedure for secure
data destruction. After the data deletion, enterprises should employ review
process to verify the effectiveness of each solution or service. The most
common procedures for secure data deletion are:
CLEAR PROCEDURE
In clear procedure,
software or hardware products are used to overwrite the storage space on the
drive with non-sensitive data so that the existing data can be replaced with
non-sensitive data. Using this procedure for hard drive’s secure data erasure
allows overwriting of logical storage location and user-addressable locations.
However, hard drive’s secure data erasure can’t be done if it’s damaged or not
rewriteable. For media such as mobile phones which are not dedicated storage
devices, the clear procedure means the ability to return the device to factory state.
According to secure wipe solutions experts, some devices do not directly
support the ability to rewrite or apply media-specific techniques to the
non-volatile storage contents thus only allow deleting the file pointers.
Secure wipe solution should ensure that the device interface does not
facilitate retrieval of the deleted data.
PURGE PROCEDURE
Purge procedure for
secure data deletion uses physical or logical procedures that render data
recovery infeasible even with the help of state of the art laboratories. Block
erase, Cryptographic Erase form an integral part of purge procedure and are
very effective for secure data deletion. As per data destruction company’s
experts, degaussing is also considered part of purge procedures. Degaussing
results in hard drive’s secure data erasure and renders a magnetic hard drive
purged. Data wiping services professionals should consider the strength of the
degausser and make sure it matches with the media coercivity. However
degaussing cannot be used for secure data deletion of media that contains
non-magnetic storage, thus for such type of devices companies can consult data
wiping services experts.
DESTROY PROCEDURE
Destroy procedure for
secure data deletion renders the data recovery infeasible and the media can’t
be used again for data storage. As per data destruction company’s experts,
there are different kinds of procedures for media destruction.
Disintegrate, Pulverize, Melt, and Incinerate: These destroy
procedures are designed to completely destroy the media. These procedures are
carried out by data wiping service provider at an outside facility in front of
the client. Data wiping service provider should be able to destroy the media
effectively, securely, and safely.
Shred: Shredders are used to destroy flexible media so that it can’t
be reconstructed. According to data destruction company’s recommendations the
shred size of the refuse should be small enough that the data cannot be
reconstructed. To make reconstructing of data even more difficult, the shredded
material can be mixed with non-sensitive material of the same type.
METHODS FOR REVIEWING SECURE DATA
DESTRUCTION
Reviewing the processes
of secure data destruction services is an essential step in maintaining confidentiality. The review
should be executed by personnel who were not part of the secure data
destruction services. There are two types commonly used methods for the review
of secure data destruction services.
1. Full Review: In this method the
review is applied for each piece of media and every time. This method of review
of secure data destruction services is very detailed and takes the most time.
2. Sampling Review: In this method the
review is applied to a selected subset of the media. This method of review of
secure data destruction services is not very detailed and takes the less time.
REVIEW OF SECURE WIPE SOLUTION DEVICES
As per data destruction
company’s experience, reviewing the processes of secure data destruction
services is not the only assurance required by the companies. If the company is
using secure wipe solution devices, then periodic review and maintenance of
these devices should also be done. Secure wipe solution devices include devices
such as degausser and standalone secure data deletion machines.
REVIEW OF SECURE DATA DELETION
COMPETENCIES
Review of secure data
deletion competencies is an important element along with reviewing the secure
data destruction services process. Companies should review competencies and
expertise of secure data destruction services provider and ensure their staff get
secure data deletion training course during implementation of secure data
destruction services.
REVIEW OF SECURE DATA DESTRUCTION
SERVICES RESULTS
The aim of secure data
destruction services is to ensure that drive’s secure data erasure happened
effectively. Normally companies don’t have access to data recovery laboratory
infrastructure to review hard drive’s secure data erasure. Credibility of
secure wipe solutions and secure data destruction services can easily be
reviewed via full reading of all accessible areas on the drive to verify
results.
During a full review,
the drive should be read completely to verify that no data exists on the drive.
This type of review will take lot of time and effort but this method guarantees
the effectiveness of secure wipe solutions and secure data destruction
services.
According to data wiping
services experts, companies can also choose sampling review method for
reviewing credibility of secure wipe solutions and data wiping services.
However companies should consider following points while using sampling review
method:
1.
In the market there are many secure wipe solutions and data
wiping services that only wipe a subset of drive, thus to avoid incomplete hard
drive’s secure data erasure companies can review pseudorandom locations on the
drive while verifying the credibility of secure wipe solutions and data wiping
services. Along with pseudorandom locations on the drive the sample review
method must also select hard drive’s subsections for verification. The best way
is to avoid incomplete hard drive’s secure data erasure is to select at least
two non-overlapping pseudorandom locations from within every subsection
selected. As per secure data destruction company’s expert, each sample should
cover at least 5% of the subsection and should not overlap the other sample in
the subsection.
2.
Another important point to be considered while sampling is to
select first and last addressable location on the storage device as some secure
wipe solutions and data wiping services don’t delete data from first and last
addressable location thus leading to incomplete hard drive’s secure data
erasure.
3.
For encrypted data deletion, sampling review process should work
differently as the original data content is unknown and comparison is not
possible. When Cryptographic Erase is leveraged, there are multiple options for
verification, and each uses a quick review of a subset of the media. Encrypted
hard drive’s secure data erasure involves a selection of pseudorandom locations
in different subsections for sampling. However the process involves looking for
a file in known locations and thus the percentage of addressable area is
relatively small, mentions a secure data destruction company’s expert.
4.
During the review of secure wipe solutions and data wiping
services, it’s also recommended to select a subset of media items for review
using a different review tool. As per recommendations from data destruction
company experts, during this review at least 25% of wiped media should be
considered. This review method will help to compare and validate the
effectiveness of hard drive’s secure data erasure.
Enterprises can easily
decide what procedure is appropriate for what kind of scenario with the help of
a data destruction company or data wiping services professionals. Also the enterprise
professionals should get trained in reviewing the secure data destruction
results and processes to verify the credibility of different solutions and services.
The secure data
destruction services, secure wipe solutions & training course should help
to identify and resolve risks associated with data management in your
organization. The secure data deletion methodology should be very
different from traditional methodology of data destruction companies.
The secure data deletion methodology should be based on a process of
manual and automated verification procedures using our own scripts,
proprietary, commercial and open source tools that identify all types of recoverable
data.
0 comments:
Post a Comment