Data Sanitization - How Many Overwrites of a Hard Disk Are Required for Complete Data Erasure? It might be less than you imagine.

It all comes to 1's & 0's when we think about data.

Let's see how to handle our data and how to destroy it!


For storage devices with magnetic media, a single overwrite pass with a predetermined pattern, such as binary zeros, often makes it more difficult to recover data, even with the use of cutting-edge laboratory techniques. But it is also important to address the drive's concealed areas.

The National Institute of Standards and Technology's NIST 800-88 is well known for its three media sanitization categories: Clear, Purge, and Destroy. Its principles can be applied to magnetic, flash-based, and other storage technologies. It can also cover anything from servers and USB drives to mobile devices and even future technology.

Decisions about information disposition and sanitization are made at various stages of the system life cycle. At the beginning of a system's development, important parameters that affect information disposition and media sanitization are chosen. The initial system requirements should include hardware and software specifications, connectivity diagrams, and data flow documentation that help the system owner identify the different media types used in the system. The requirements phase should also decide what other media will be used to create, capture, or transfer information used by the system. In this analysis, the risk to confidentiality is balanced against business demands.

Media sanitization and information disposal are often at their peak during the disposal phase of the system life cycle. Nevertheless, over the life of an information system, many different forms of data-containing media will be transferred outside the organization's direct control. This can happen during maintenance, system upgrades, or configuration updates.

Need for Proper Media Sanitization and Information Disposition:

One important aspect of ensuring confidentiality is media sanitization. Confidentiality is defined as "preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information."

Organizations must properly safeguard used media in order to have appropriate controls on the information they are responsible for safeguarding. Dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information are all common sources of illicit information collection. Media flows in and out of organizational control: through paper recycle bins, out to vendors for equipment repairs, and hot swapped into other systems in response to emergencies. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it.


Types of Media:

There are two primary types of media in common use:

  1. Hard Copy. Hard copy media are physical representations of information. Paper printouts, printer and facsimile ribbons, drums, and platens are all examples of hard copy media. These types of media are often the most uncontrolled. Information tossed into recycle bins and trash containers exposes a significant vulnerability to “dumpster divers” and overcurious employees, risking accidental disclosures.
  2. Electronic (or soft copy). Electronic media are the bits and bytes contained in hard drives, random access memory (RAM), read-only memory (ROM), disks, memory devices, phones, mobile computing devices, networking equipment, and many other types.

Types of Sanitization:

The key to determining how to manage media in an organization is to consider the information first, followed by the media type. Decisions on how to deal with the media should be driven by the security categorization of the information, as well as internal environmental factors. Again, the key is to consider information confidentiality first, then media type. There is information in organizations that is not associated with any categorized system. This data is frequently found in hard copy internal communications such as memos, white papers, and presentations. This information is sometimes considered sensitive. Internal disciplinary letters, financial or salary negotiations, and strategy meeting minutes are some examples.

In addition to assigning a form of sanitization outlined in this article, organizations should label these media with their internal operating classifications. Each form of media requires a distinct kind of sanitization. Four categories—disposition, clearing, purging, and destruction—are used to categorize media sanitization. There are methods of disposal when media are merely thrown away without any further consideration. Some media can be merely discarded if the exposure of material would not affect the corporate mission, would not cause harm to organizational assets, would not cause financial loss, and would not cause harm to any individuals. Disposal is brought up to reassure companies that not all media needs to be sanitized and that handling media containing non-confidential information may still be done via disposal. Since disposal is not technically a type of sanitization, it will not be mentioned or addressed outside of this section.

Let us see...


  1. Disposal - Disposal is the act of discarding media with no other sanitization considerations. This is most often done by paper recycling containing non-confidential information but may also include other media.
  2. Clearing - Clearing information is a level of media sanitization that would protect the confidentiality of information against a robust keyboard attack. Simple deletion of items would not suffice for clearing. Clearing must not allow information to be retrieved by data, disk, or file recovery utilities. It must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools. For example, overwriting is an acceptable method for clearing media. There are overwriting software or hardware products to overwrite storage space on the media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations. The security goal of the overwriting process is to replace written data with random data. Overwriting cannot be used for media that are damaged or not writeable. The media type and size may also influence whether overwriting is a suitable sanitization method. Studies have shown that most of today’s media can be effectively cleared by one overwrite. Specific recommendations for clearing different media types may vary as per requirements.
  3. Purging - Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged. A laboratory attack would involve a threat with the resources and knowledge to use nonstandard systems to conduct data recovery attempts on media outside their normal operating environment. This type of attack involves using signal processing equipment and specially trained personnel. Executing the firmware Secure Erase command (for ATA drives only) and degaussing are examples of acceptable methods for purging. Degaussing is exposing the magnetic media to a strong magnetic field in order to disrupt the recorded magnetic domains. A degausser is a device that generates a magnetic field used to sanitize magnetic media. Degaussers are rated based on the type (i.e., low energy or high energy) of magnetic media they can purge, and operate using either a strong permanent magnet or an electromagnetic coil. Degaussing of any hard drive assembly usually destroys the drive, as the firmware that manages the device is also destroyed. Degaussing can be an effective method for purging damaged media, for purging media with exceptionally large storage capacities, or for quickly purging diskettes. Degaussing is not effective for purging nonmagnetic media, such as optical media (compact discs (CD), digital versatile discs (DVD), etc.). If purging media is not a reasonable sanitization method for organizations, I strongly recommend that the media be destroyed.
  4. Destroying - Destruction of media is the ultimate form of sanitization. After media are destroyed, they cannot be reused as originally intended. Physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding, and melting. If destruction is decided upon due to the high security categorization of the information or due to environmental factors, any residual medium should be able to withstand a laboratory attack.

a. Disintegration, Incineration, Pulverization, and Melting. These sanitization methods are designed to completely destroy the media. They are typically carried out at an outsourced metal destruction or incineration facility with the specific capabilities to perform these activities effectively, securely, and safely.

b. Shredding. Paper shredders can be used to destroy flexible media such as diskettes once the media are physically removed from their outer containers. The shred size of the refuse should be small enough that there is reasonable assurance in proportion to the data confidentiality level that the information cannot be reconstructed. Optical mass storage media, including compact disks (CD, CD-RW, CD-R, CD-ROM), optical disks (DVD), and magneto-optic (MO) disks must be destroyed by pulverizing, crosscut shredding or burning. Destruction of media should be conducted only by trained and authorized personnel. Safety, hazmat, and special disposition needs should be identified and addressed prior to conducting any media destruction.


Identification of the Need for Sanitization:

Choosing whether and when to sanitize media is one of the initial steps in making a sanitization choice. Media containing representations of the data stored in the system are produced at every stage of the system's life cycle. These media can be simple data prints, screenshots, or cached memories of user actions, among other formats. In order to keep adequate control over the information, organizations must be aware of which media are being used to capture data and when. Organizations will be able to tell when adequate media disposal sanitization is required thanks to this understanding. These decisions on proper disposal can be as simple as ensuring placement of paper shredders in work areas during system steady-state activities or address destroying electronic equipment at the end of its life cycle.

Documentation:

An organization must keep a record of its sanitization in order to show what media were sanitized, when, how they were cleaned, and how the media were eventually disposed of. It is frequently due to poor record keeping and media sanitization that an organization is thought to have lost control of its information. In order to maintain effective accountability of equipment and inventory control, organizations should make sure that property management representatives are included in the documentation of the media sanitization process. Organizations should carry out prudent documentation procedures for media carrying information of low security category.
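An added example (not from the original article) tying together the Clear-by-overwrite step and the record keeping described above: one pass of zeros over every addressable byte, a read-back check, and a record of what was sanitized, when, how, and its disposition. The image file standing in for a drive, the asset ID, and the record field names are assumptions; areas the operating system cannot address, the drive's concealed parts mentioned earlier, are not reached by this method.

```python
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # overwrite and verify in 1 MiB chunks
SAMPLE = b"CONSTRUCTED SAMPLE: payroll 2023\n"  # constructed test data


def clear_by_overwrite(path, pattern=b"\x00"):
    """One overwrite pass over every addressable byte, then a read-back check."""
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for files and block devices
        dev.seek(0)
        for offset in range(0, size, CHUNK):
            dev.write(pattern * min(CHUNK, size - offset))
        dev.flush()
        os.fsync(dev.fileno())  # push the pass out of the OS cache to the media
        dev.seek(0)
        for offset in range(0, size, CHUNK):
            want = pattern * min(CHUNK, size - offset)
            if dev.read(len(want)) != want:
                return size, False  # short read or surviving data
    return size, True


def sanitization_record(media_id, size, verified, disposition):
    return {
        "media_id": media_id,
        "method": "Clear: single-pass overwrite, pattern 0x00",
        "bytes_overwritten": size,
        "verified_by_readback": verified,
        "sanitized_at": datetime.now(timezone.utc).isoformat(),
        "final_disposition": disposition,
    }


def demo():
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(SAMPLE * 4096)  # image file standing in for a drive
    try:
        size, ok = clear_by_overwrite(img.name)
        with open(img.name, "rb") as f:
            leftover = b"payroll" in f.read()
        return sanitization_record("ASSET-0001 (placeholder)", size, ok, "reuse"), leftover
    finally:
        os.unlink(img.name)


if __name__ == "__main__":
    print(demo())
```

A record with `verified_by_readback` set to false means the media was not cleared and should not be released for reuse.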

All in all, by focusing on erasing and reusing assets instead of physically destroying them, organizations can improve their security posture and address corporate social responsibility requirements, while also ensuring compliance with local and global data privacy requirements.

Thanks for reading.

Serwis Kaleron

Data recovery, repair of laptops and other computer equipment, data recovery training.

1 year

Can the type of data affect the effectiveness of the sanitization process in any way? What requirements influence data overwrite recommendations? In particular, how does media size affect overwrite effectiveness? What non-standard attack methods do you know that could lead to the recovery of overwritten data? How is Secure Erase different from overwriting? What significant impact do these differences have when overwrite is classified as "Clear" and Secure Erase as "Purge"? Can you explain why NIST classifies degaussing as "Purge" and not as "Destroy"? Do the sanitization methods described in NIST differ in effectiveness? Would you agree with me that if a method does not guarantee 100% data destruction and 100% resistance to any attack, we cannot consider it effective? What is the point of using ineffective data destruction methods? What's the point of using more than one effective data destruction method?

?arco ?rmini

Chief Information Security Officer @ EQS Group | PhD, MBA, CISSP, CISA, CISM, CDPSE, CRISC, GCIH, C|CISO, ISO/IEC 27001 LA

2 years

Interesting, too bad the article misses cryptographic erasure - which is what should be used anyway 99% of the time since every decent modern data center drive and storage supports AES in hardware or software, which should be used anyway to avoid threats from physical access to the media and its hosting. Cryptographic erasure is also much more reliable than the old sanitization methods, but it is important to indicate the Revision 1 version of NIST 800-88 ( https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf ) which includes it.

Matt Ozden

SOC Security Analyst | CompTIA Security+ | IBM Qradar | Splunk Enterprise Security | CrowdStrike Falcon | SentinelOne | Proofpoint

2 years

The gist of this article is "Four categories—disposition, clearing, purging, and destruction—are used to categorize media sanitization."?
