- About the IDSC
- What is Data Sanitization?
- Policies & Standards
Data lifecycle management (DLM) is often used interchangeably with information lifecycle management (ILM). However, products that support DLM manage general attributes of files (i.e. type, size and age), whereas ILM goes beyond these general attributes to search for various types of stored files (i.e. specific piece of data, such as a customer number).
The distinction between ILM and DLM is important. EU General Data Protection Regulation: Right to be Forgotten, in effect since May 2018, gave customers the right to request their information be erased and to receive proof of erasure.
Information lifecycle management (ILM) is a comprehensive approach to managing the flow of an information system’s data and associated metadata from creation and initial storage to the time when it becomes obsolete and is destroyed.
The data security lifecycle (DSL) and information lifecycle management (ILM) differ based on the needs of the audience (security vs. operations). The lifecycle includes six phases from creation to destruction. Although it is shown as a linear progression, once created, data can bounce between phases without restriction, and may not pass through all stages. This is a summary of the lifecycle, and a complete version is available here.
Data hygiene is the process of ensuring all incorrect, duplicate or unused data is properly classified and migrated into the appropriate lifecycle stage for storage, archival or destruction on an ongoing basis through automated policy enforcement. By following data hygiene best practices, organizations are able to effectively manage ‘where’ their data is throughout the lifecycle and reduce the amount of data they store by successfully destroying the data to mitigate risks.
Data sanitization is the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will not ever be recovered. There are three methods to achieve data sanitization: physical destruction, cryptographic erasure and data erasure.
The process of shredding hard drives, smartphones, printers, laptops and other storage media into tiny pieces by large mechanical shredders or using degaussers.
Degaussing is a form of physical destruction whereby data is exposed to the powerful magnetic field of a degausser and neutralized, rendering the data unrecoverable. Degaussing can only be achieved on hard disk drives (HDDs) and most tapes, but the drives or tapes cannot be re-used upon completion. Degaussing is not an effective method of data sanitization on solid state drives (SSDs).
Physical destruction, when done according to updated requirements, is an effective method of destroying data to render the data unrecoverable and achieve data sanitization. While useful in cases where drives are irreparable or unable to be erased, physical destruction can be harmful to the environment and financially costly. This is because physical destruction of data storage hardware destroys the assets so they are unable to be reused or resold, shortcutting the lifespan of functional devices.
Cryptographic erasure is used interchangeably with Crypto Erase. Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data. The encryption algorithm must be at a minimum of 128 bits (go here for industry-tested and accepted algorithms). While the data remains on the storage device itself, by erasing the original key, the data is effectively impossible to decrypt. As a result, the data is rendered unrecoverable and is an appropriate method to achieve data sanitization.
Cryptographic erasure is a quick and effective method to achieve data sanitization. It is best used when storage devices are in transit or for storage devices that contain information that is not sensitive. Cryptographic erasure relies heavily on the manufacturer where implementation issues could occur. The users also could impact the success of cryptographic erasure through broken keys and human errors. But most importantly, cryptographic erasure still allows for the data to remain on the storage device and often does not achieve the regulatory compliance requirements.
Data erasure is the software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization.
Block erase can be a feature, but is often used interchangeably with data erasure. Block erase is the ability for vendor software to target the logical block addresses, including those that are not currently mapped to active addresses, on the storage device to erase all data on the device. However, if the block erase software does not provide for the 3 steps noted in the data erasure definition, it does not achieve data sanitization.
Data erasure is the highest form of securing data within data sanitization, due to the validation process for ensuring the data was successfully overwritten and the auditable reporting readily available. Data erasure also supports environmental initiatives, while allowing organizations to retain the resale value of the storage devices. Data erasure, however, is a timelier process than other forms of data sanitization. And, data erasure forces organizations to develop policies and processes for all data storage devices.
Data sanitization methods have been proven to render the data on the appropriate storage devices unrecoverable. But, many other terms are often used interchangeably, which result in incomplete data sanitization.