A Comprehensive List of Data Wiping and Erasure Standards

By Marcus Ho

December 26, 2021


Data management is a challenging task for any company, and it is especially challenging when you are trying to erase data from a drive. Managing the process of wiping and erasing data from your hard drives is an essential part of your security strategy.

It takes time, money, and expertise to do this right. Every company should also follow a standard when eliminating this information. If you’re looking for some guidance on what standard might work best for your organization, here are some standards you can consider.

Data protection standards need to be implemented across all departmental levels. Photo by Mikhail Nilov from Pexels

The Importance of Data Wiping

Data wiping aims at ensuring that information isn’t readable anymore. It can be done by software, hardware or other methods like degaussing (demagnetizing), destruction or overwriting. The goal is to ensure that any type of data, like text, pictures or videos, can’t be accessed and read by unauthorized individuals.

This process needs to happen before you get rid of your device or sell it. By doing this, you’ll prevent any sensitive information you have from falling into the wrong hands. You’ll also protect yourself from any possible identity theft or fraud.

A List of Data Erasure Standards

There are many data wiping standards that you should be aware of. Each of these standards has its own specific data wiping and erasure methods. To find out which one suits your needs best, you’ll need to do some research. The most common data erasure standards include:

NIST 800-88 Guidelines for Media Sanitization

This standard guides the sanitization of magnetic and optical media. Media is considered sanitized when it has been rendered unreadable or unusable. The standard defines three levels of media sanitization:

Level 0 - Clearing

This level clears the data from the media but does not ensure that it’s unreadable. It’s suitable for bulk erasure and transfer for reuse and decommissioning or repurposing the media.

Level I - Purging

This level enables only authorized people to read the data on media by ensuring any information retained is insufficient to compromise security when mishandled, misused or disclosed to an unauthorized third party. It’s perfect when you need to reuse media but can’t ensure that all copies of the data have been destroyed.

Level II - Destruction

This level physically destroys the media, so it’s no longer readable or reusable. It’s ideal for single use, such as bulk data center destruction of drives from decommissioned servers. It’s also useful when the data is sensitive and must be protected through complete destruction. Once destroyed, it’s impossible to recover any information from the media.

Remember to always follow recommended best practices for your data destruction processes. Photo by Barez Omer on Unsplash.

NIST 800-53 Rev. 4 Security Controls

This standard provides information security risk management guidance and addresses regulatory compliance requirements. It includes controls to protect against unauthorized access, use, disclosure, alteration, or destruction of information.

The controls are organized into families that address specific safeguarding systems and data aspects. They include security controls for information systems, personnel and training security controls, technical management security controls, system and services acquisition, development and implementation security controls and operations security controls. Using this standard in your organization will ensure that your data is protected, and it’ll mitigate the risk of noncompliance.

ISO/IEC 27001:2013

This standard provides requirements for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all aspects of information security, from data classification to incident response.

Using ISO/IEC 27001:2013 certification will enable your organization to meet compliance requirements. It specifies the general principles and requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented management system to address all aspects of information security. This certification will also provide you with the assurance that your data destruction process meets the requirements of a recognized standard.

DoD 5220.22-M standard

The Department of Defense (DoD) 5220.22-M data sanitization standard is a common method for permanently removing information from magnetic computer tape, hard drives and solid-state memory devices. This standard was created in 1988 by the National Industrial Security Program Policy Advisory Committee to provide users with guidance on erasing or reformatting changes in file access control lists so that the original filenames are no longer valid, making it difficult or impossible to recover files using conventional system utilities.

The DoD 5220.22-M standard consists of three distinct methods for purging classified media: degaussing, physical destruction and chemical wiping.

1. Degaussing involves exposing media to a strong magnetic field that scrambles stored bits to prevent the original data from being recovered by conventional methods. 

2. Physical destruction involves destroying the media with a grinder, shredder or crusher, while chemical wiping uses solvents to remove magnetic domains from computer tape and hard drives.

3. Wiping can be used in conjunction with other erasure standards such as DoD 5220.28-STD (erasure of floppy disks, hard drives and solid-state memory devices), the British HMG IS2022 standard (for sanitizing removable magnetic media), Canadian GC05-STD (magnetic tape) and other standards. In this case wiping is used to remove residual data left on storage devices after erasure using one of these standards.

Prevent any sensitive information from falling into the wrong hands by thoroughly wiping your data before disposing of your assets. Photo by David Hofmann on Unsplash.

Blancco Data Erasure Standard

Blancco Data Erasure Standard is the most widely used data erasure standard globally, offering an easy-to-use tool for IT professionals and consumers alike. With a wide range of features to protect organizations from security breaches or law enforcement investigations, Blancco’s intelligent algorithm can be customized by setting specific overwrite patterns that conform to international standards such as DoD 5220.22-M (ECE), BSI/VSITR 5725 (DE), sanitization requirements under ISO 15408 ‘Information Technology – Security Techniques – Evaluation Criteria for IT Security’ (ISO 15408) and more.

You can use this standard to erase data from SSDs, HDDs, USB flash drives and memory cards. The National Institute of Standards and Technology (NIST) has developed guidance for media sanitization called Special Publication 800-88 ‘Guidelines for Media Sanitization’.

This guidance provides recommendations on using approved sanitization methods to protect information assets residing on magnetic media or SSDs from accidental or intentional corruption and to ensure proper disposal.

In addition, Blancco is a FIPS 140-certified solution, which means that it can be used by state agencies and regulated industries such as financial services companies and healthcare organizations for data erasure because of its strong encryption and security features.

The Bottom Line

Data wiping and erasure is necessary to ensure your information is secure and private. There are a variety of standards that you can use to achieve this, each with its benefits and drawbacks. It is crucial to choose the standard that is right for you, considering your specific needs and requirements. This list can help you make the best decision.

