There are statistical evidences supported by data destruction companies which present that in countries like Mexico, Brazil, United States, Colombia, Costa Rica, Argentina, UAE, and India; two out of three companies face data management problems & risks. Data should be appropriately managed across the entire data lifecycle, from capture to destruction. Data destruction process forms an integral part of data management processes. At the end of data lifecycle, enterprises may archive it for later use, or destroyed the data. Data destruction is the process of removing information that renders it unreadable or irrecoverable. There are different kinds of data wiping services and secure wipe solutions that allow an organization to more efficiently and safely protect its data.
According to data destruction company experts, there exist different kinds of secure data deletion procedures. Enterprises need to categorize the data that is supposed to be destroyed according to the type of medium on which it is stored, level of confidentiality, and the future plans for the media. Then, with the help of secure data deletion professionals decide the suitable procedure for secure data destruction. After the data deletion, enterprises should employ review process to verify the effectiveness of each solution or service. The most common procedures for secure data deletion are:
Clear Procedure
In clear procedure, software or hardware products are used to overwrite the storage space on the drive with non-sensitive data so that the existing data can be replaced with non-sensitive data. Using this procedure for hard drive’s secure data erasure allows overwriting of logical storage location and user-addressable locations. However, hard drive’s secure data erasure can’t be done if it’s damaged or not rewriteable. For media such as mobile phones which are not dedicated storage devices, the clear procedure means the ability to return the device to factory state. According to secure wipe solutions experts, some devices do not directly support the ability to rewrite or apply media-specific techniques to the non-volatile storage contents thus only allow deleting the file pointers. Secure wipe solution should ensure that the device interface does not facilitate retrieval of the deleted data.
Purge Procedure
Purge procedure for secure data deletion uses physical or logical procedures that render data recovery infeasible even with the help of state of the art laboratories. Block erase, Cryptographic Erase form an integral part of purge procedure and are very effective for secure data deletion. As per data destruction company’s experts, degaussing is also considered part of purge procedures. Degaussing results in hard drive’s secure data erasure and renders a magnetic hard drive purged. Data wiping services professionals should consider the strength of the degausser and make sure it matches with the media coercivity. However degaussing cannot be used for secure data deletion of media that contains non-magnetic storage, thus for such type of devices companies can consult data wiping services experts.
Destroy Procedure
Destroy procedure for secure data deletion renders the data recovery infeasible and the media can’t be used again for data storage. As per data destruction company’s experts, there are different kinds of procedures for media destruction.
Disintegrate, Pulverize, Melt, and Incinerate: These destroy procedures are designed to completely destroy the media. These procedures are carried out by data wiping service provider at an outside facility in front of the client. Data wiping service provider should be able to destroy the media effectively, securely, and safely.
Shred: Shredders are used to destroy flexible media so that it can’t be reconstructed. According to data destruction company’s recommendations the shred size of the refuse should be small enough that the data cannot be reconstructed. To make reconstructing of data even more difficult, the shredded material can be mixed with non-sensitive material of the same type.
Methods for reviewing secure data destruction
Reviewing the processes of secure data destruction services is an essential step in maintaining confidentiality. The review should be executed by personnel who were not part of the secure data destruction services. There are two types commonly used methods for the review of secure data destruction services.
1. Full Review: In this method the review is applied for each piece of media and every time. This method of review of secure data destruction services is very detailed and takes the most time.
2. Sampling Review: In this method the review is applied to a selected subset of the media. This method of review of secure data destruction services is not very detailed and takes the less time.
Review of secure wipe solution devices
As per data destruction company’s experience, reviewing the processes of secure data destruction services is not the only assurance required by the companies. If the company is using secure wipe solution devices, then periodic review and maintenance of these devices should also be done. Secure wipe solution devices include devices such as degausser and standalone secure data deletion machines.
Review of secure data deletion competencies
Review of secure data deletion competencies is an important element along with reviewing the secure data destruction services process. Companies should review competencies and expertise of secure data destruction services provider and ensure their staff get secure data deletion training course during implementation of secure data destruction services.
Review of secure data destruction services results
The aim of secure data destruction services is to ensure that drive’s secure data erasure happened effectively. Normally companies don’t have access to data recovery laboratory infrastructure to review hard drive’s secure data erasure. Credibility of secure wipe solutions and secure data destruction services can easily be reviewed via full reading of all accessible areas on the drive to verify results.
During a full review, the drive should be read completely to verify that no data exists on the drive. This type of review will take lot of time and effort but this method guarantees the effectiveness of secure wipe solutions and secure data destruction services.
According to data wiping services experts, companies can also choose sampling review method for reviewing credibility of secure wipe solutions and data wiping services. However companies should consider following points while using sampling review method:
- In the market there are many secure wipe solutions and data wiping services that only wipe a subset of drive, thus to avoid incomplete hard drive’s secure data erasure companies can review pseudorandom locations on the drive while verifying the credibility of secure wipe solutions and data wiping services. Along with pseudorandom locations on the drive the sample review method must also select hard drive’s subsections for verification. The best way is to avoid incomplete hard drive’s secure data erasure is to select at least two non-overlapping pseudorandom locations from within every subsection selected. As per secure data destruction company’s expert, each sample should cover at least 5% of the subsection and should not overlap the other sample in the subsection.
- Another important point to be considered while sampling is to select first and last addressable location on the storage device as some secure wipe solutions and data wiping services don’t delete data from first and last addressable location thus leading to incomplete hard drive’s secure data erasure.
- For encrypted data deletion, sampling review process should work differently as the original data content is unknown and comparison is not possible. When Cryptographic Erase is leveraged, there are multiple options for verification, and each uses a quick review of a subset of the media. Encrypted hard drive’s secure data erasure involves a selection of pseudorandom locations in different subsections for sampling. However the process involves looking for a file in known locations and thus the percentage of addressable area is relatively small, mentions a secure data destruction company’s expert.
- During the review of secure wipe solutions and data wiping services, it’s also recommended to select a subset of media items for review using a different review tool. As per recommendations from data destruction company experts, during this review at least 25% of wiped media should be considered. This review method will help to compare and validate the effectiveness of hard drive’s secure data erasure.
Enterprises can easily decide what procedure is appropriate for what kind of scenario with the help of a data destruction company or data wiping services professionals. Also the enterprise professionals should get trained in reviewing the secure data destruction results and processes to verify the credibility of different solutions and services.
The secure data destruction services, secure wipe solutions & training course should help to identify and resolve risks associated with data management in your organization. The secure data deletion methodology should be very different from traditional methodology of data destruction companies. The secure data deletion methodology should be based on a process of manual and automated verification procedures using our own scripts, proprietary, commercial and open source tools that identify all types of recoverable data.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.