Destroying Sensitive Information: How Enterprises Can Do It Safely and Securely

Published on 12 Nov 2013

by GOsafeonline

In the corporate world, infocomm technologies are widely used; files are stored, sent and retrieved through various computing and storage devices such as mobile phones, laptops, flash drives, etc. However, when the data are no longer needed, hitting the "delete" button or even clearing the "recycle bin" does not actually remove the files from your devices. While you can no longer see the files, they could still be easily retrieved. Think about your sensitive corporate data: if such files are retrieved by a third party, the consequences might be dire.

Perhaps your organisation regularly refreshes old infocomm technology devices. When new products are bought, information from the old devices is transferred to the new devices and then deleted before the old devices are thrown away. To be environmentally friendly or charitable, your organisation might even sell these devices to a recycling company or donate them to the needy. If your organisation has such a practice today, you might want to review your process to ensure that your sensitive corporate data are indeed completely removed from the devices.

Information on our computers or laptops is mainly stored on hard disks (some newer computing devices use Solid State Drives). To make the information portable, some users might choose to copy it to a flash drive (e.g. thumb drive, SD card, etc.) or a portable hard disk. Due to the file storage structure in such media, files that are deleted through the devices' operating system are not removed from the media; they are merely unreferenced (in computing terms, they are "unlinked"). The data of the deleted files still resides in the memory space of the media until that memory space is required by another file.

 

Storage Media Types       Examples
Magnetic Storage Media    Hard disks, floppy disks, etc.
Optical Storage Media     CD, DVD
Flash Storage Media       Thumb drives, SD card, etc.

 

If you think that reformatting the media can remove remnants of the data that reside in it, you are right, provided it is done the correct way. Reformatting differs from one operating system to another because the operation that is performed varies. High level reformatting (which is what is usually performed) only frees up memory space for use by other data; it does not overwrite the memory space. Data in the media could still be recovered using various data recovery software. Secure erasure is the process of eliminating any remnant data that resides in storage media to reduce the possibility of data recovery. There are three common approaches for secure erasure of data:

 

Overwriting

This is a software approach to removing data from storage media. Among the three common approaches, this is the only one where the media can be reused immediately after secure erasure of data. Basically, low level formatting is performed on the storage media, where the memory space is repeatedly overwritten by meaningless data (i.e. '1's and '0's). Various software performs this function, but its effectiveness depends on the algorithm that is used (e.g. Gutmann method, US DoD 5220.22-M, etc.), the state of the media (e.g. bad sectors in magnetic storage media, bad block tables in SSD, duplicated data segments in RAID disks, etc.) and the media type (e.g. overwriting doesn't work well on Solid State Drives).
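The difference between deleting, high level reformatting and overwriting can be seen on a toy model of a storage medium. The following is an added example, not code from the original article: `ToyDisk`, its methods and the sample record are constructed for illustration, and the three passes (zeros, ones, random) are an arbitrary choice, not the Gutmann or DoD 5220.22-M sequences. The model has no bad sectors or SSD remapping, which are the cases where the article notes overwriting is less effective.

```python
import os

BLOCK = 512  # toy block size, chosen for the example

class ToyDisk:
    """Constructed model of a medium: raw blocks plus a file table."""
    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)
        self.table = {}                    # file name -> block numbers
        self.free = list(range(nblocks))

    def write_file(self, name, data):
        self.table[name] = []
        for off in range(0, len(data), BLOCK):
            b, chunk = self.free.pop(0), data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            self.table[name].append(b)

    def delete(self, name):
        # OS-level delete: drop the reference and mark the blocks free.
        self.free.extend(self.table.pop(name))

    def quick_format(self):
        # High-level format: fresh empty table, data blocks untouched.
        self.table.clear()
        self.free = list(range(len(self.raw) // BLOCK))

    def overwrite_free(self, passes=(b"\x00", b"\xff", None)):
        # Overwrite every unreferenced block once per pass; None = random.
        for pattern in passes:
            for b in self.free:
                fill = os.urandom(BLOCK) if pattern is None else pattern * BLOCK
                self.raw[b * BLOCK:(b + 1) * BLOCK] = fill

    def remnant(self, needle):
        # Verification: scan the raw medium, ignoring the file table.
        return needle in self.raw

def demo():
    secret = b"PAYROLL-2013 constructed sample record"
    disk = ToyDisk(16)
    disk.write_file("payroll.csv", secret * 20)
    disk.delete("payroll.csv")
    after_delete = disk.remnant(secret)
    disk.quick_format()
    after_format = disk.remnant(secret)
    disk.overwrite_free()
    after_overwrite = disk.remnant(secret)
    return after_delete, after_format, after_overwrite

if __name__ == "__main__":
    print(demo())
```

The raw scan in `remnant` is the check that matters in a disposal process: verify the medium itself after erasure rather than trusting that the file listing is empty.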

Degaussing

Degaussing is a process in which the storage media is subjected to a dominant magnetic field to remove data on the media. This process only works on magnetic storage media such as hard disks and floppy disks. Data on optical and flash storage media cannot be removed using this method. Once the media has been subjected to this secure erasure method, it would require servicing by the manufacturer before it can be reused. The effectiveness of this method also depends on the degausser's magnetic field strength and the procedure applied to degauss the media. If the degaussing process is not performed correctly, remnant data might still exist on the media.

 

Physical Destruction

If the organisation does not wish to recycle or reuse the storage media after the data in it is securely erased, the storage media could be extracted from the computing device that it resides in (e.g. computer, laptop, etc.) and be sent for physical destruction. Data in optical storage media could also be destroyed using this method. Techniques used in physical destruction include disintegration, burning, chemical decomposition, pulverisation, liquefaction, etc. As any small fragment of a storage media might contain data, the destruction must be performed thoroughly to ensure that the storage media is reduced to a state where no data could be recovered from its physical form. Because this type of media destruction requires investment in heavy machinery or destruction tools, it is usually performed by specialists. To prevent any compromise of highly sensitive data in storage media that is sent for destruction, this approach could be the second step of a two-step approach to secure erasure, with overwriting or degaussing as the first step.

 

The cost of secure erasure of data in storage media varies. Overwriting can be performed using open-source software, while degaussing requires the purchase of a degausser and physical destruction requires the purchase of equipment or the engagement of a specialist service. As such, on top of choosing the secure erasure method based on the type of storage media, organisations should also make the assessment based on the impact of disclosing the data stored in the media.
