Every business has data that must be destroyed. Data security has become a primary concern for top executives, according to a NAID report of a Conference Board survey. While hackers and viruses present a constant threat, a study by Gartner indicates that 90% of all security breaches were “self-inflicted.” In other words, these problems are avoidable if a company takes the right steps.
One area that is often misunderstood, or completely overlooked, is hard drive sanitization—the process of removing data prior to disposal or recycling. While there are several methodologies for eliminating data from hard drives, there are problems with each method. High costs, slow process times, uncertainty of the effectiveness of the method and questionable chain of custody must be considered before implementing a sanitization strategy.
Secure Erase is a technology embedded in the firmware of modern ATA/IDE and SATA hard drives. It is designed to purge all of the data on the hard drive beyond forensic reconstruction. Under the direction of the US National Security Agency and other government departments, and together with a group of hard drive manufacturers, the Center for Magnetic Recording Research (CMRR) at the University of California at San Diego, headed by Dr. Gordon Hughes, was mandated to develop a standards-based, efficient and effective protocol for hard drive sanitization. Secure Erase was established as part of the IDE/ATA and SATA manufacturing standard in 2002, but was implemented ahead of the standard in many ATA and IDE devices as early as 1999.
Despite the proven effectiveness of Secure Erase, it cannot be effectively deployed through software execution for a host of reasons. The primary obstacle is that operating system and BIOS manufacturers quickly identified that execution of the secure erase process through user error, a virus or malware would have catastrophic results. It is for this reason alone that software solutions are unable to reliably employ the power of Secure Erase.
Secure Erase is a highly efficient technology that executes 8 to 18 times faster than software solutions that perform single or multipass overwrite cycles. Secure Erase is classified as a purge technology (a higher level of security than software-based products, which all fall under the clear category) by the US Guidelines for Media Sanitization set forth in the National Institute of Standards and Technology’s Special Publication 800-88. In fact, according to these guidelines, Secure Erase is the “best option for an organization” whenever it is available on the hard drive in question. Additionally, as a purge technology, Secure Erase provides equal or greater effectiveness than degaussing methods from a security standpoint, while providing the ability to reuse the drive.
As secure erase is executed from the firmware of the hard drive, it is an atomic process (meaning, once initiated, it is self-sustaining, and requires only power to continue to perform the erasure), and it is also non-discriminatory (meaning that it does not avoid “bad sectors” and purges every sector of every drive, regardless of health, unlike standard overwrite routines). Due to embedded drive controller technology, software products will typically skip any sectors or tracks flagged as bad by the controller electronics, leaving these sectors intact with recoverable data. The secure erase command takes direct control over the internal drive operation, and is able to bypass controller limitations and use privileged commands optimized for the secure erase process.
Upon executing a secure erase process, the device will be locked down until the sequence is completed. Failure to complete the process due to loss of power, communication failure, or other technical fault will render the device unusable until the secure erase process is reinitiated and completed. The drive is secured with a 32-bit password until the secure erase process is complete. As a purpose-built appliance, the Digital Shredder monitors for process failure and will indicate any such occurrence to the technician processing the device. Likewise, the Digital Shredder will not issue a certificate label or log the process as complete unless the device properly completes the secure erase process. On the Digital Shredder, this type of “false positive” protection extends into its overwriting processes as well.
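As an added illustration (not from the original page and not EDT's code), the Python sketch below decodes the security status word that an ATA drive reports in IDENTIFY DEVICE (word 128, bit layout per the ATA specification) and applies the rule described above: a drive that still reports security enabled or locked after an erase attempt never finished the sequence and gets no certificate. The function names and sample readings are constructed for this example.

```python
from dataclasses import dataclass

# Bit positions in ATA IDENTIFY DEVICE word 128 (security status),
# per the ATA specification; not taken from the original page.
SUPPORTED, ENABLED, LOCKED, FROZEN, COUNT_EXPIRED, ENHANCED = (1 << n for n in range(6))
_BITS = (SUPPORTED, ENABLED, LOCKED, FROZEN, COUNT_EXPIRED, ENHANCED)


@dataclass(frozen=True)
class SecurityStatus:
    supported: bool
    enabled: bool
    locked: bool
    frozen: bool
    count_expired: bool
    enhanced_erase: bool


def decode_word128(word: int) -> SecurityStatus:
    """Turn the raw 16-bit status word into named flags."""
    if not 0 <= word <= 0xFFFF:
        raise ValueError("IDENTIFY DEVICE words are 16 bits")
    return SecurityStatus(*(bool(word & bit) for bit in _BITS))


def erase_verdict(before: int, after: int) -> str:
    """Classify one erase attempt from word 128 read before and after it."""
    pre, post = decode_word128(before), decode_word128(after)
    if not pre.supported:
        return "unsupported: use an alternative erasure method"
    if pre.frozen:
        return "blocked: drive is frozen and will reject security commands"
    if post.locked or post.enabled:
        # The erase password is still set, so the sequence never finished.
        return "incomplete: re-run secure erase, issue no certificate"
    return "complete: certificate may be issued"


# Constructed sample readings (before, after), not captured from real drives.
SAMPLES = {
    "old drive, no security feature set": (0x0000, 0x0000),
    "frozen by host firmware": (0x0029, 0x0029),
    "power lost mid-erase": (0x0021, 0x0027),
    "clean run": (0x0021, 0x0021),
}

if __name__ == "__main__":
    for label, (before, after) in SAMPLES.items():
        print(f"{label}: {erase_verdict(before, after)}")
```

A successful erase clears the password and leaves the enabled and locked bits at zero, which is why the check keys on those two flags rather than on the command's return status alone.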
To find out more about the current methodologies based on effectiveness, cost, time and other practical considerations, and how Ensconce Data Technology’s (EDT) new DIGITAL SHREDDER product can provide you with in-house sanitizing that successfully addresses all decommissioning concerns, please contact MultiShred at 613-226-6758.
- Ensconce Data Technology's Digital Shredder
- The Digital Shredder (DS) is the central component in an organization's overall sanitization policy. By combining the best available erasure techniques into an integrated, portable environment, you can avoid the problems associated with unintentional loss of data.
- Based on an industrial-grade, single-board computer, the DS has been custom built to overcome the limitations of today’s product set. Its unique design circumvents the limitations imposed by PC BIOS and high-level operating systems…no need to install software on every PC; no need to create boot disks.
- Secure Erase - The DS will use the strongest and fastest erasure method known, secure erase, on all ATA and SATA drives. In the event the target drive is too old to have the internal commands, or is an SCSI drive, the DS will automatically detect this and recommend an alternative erasure method.
- Multiple Drive Support - The DS supports ATA/IDE, SATA and SCSI drives, and it can do so simultaneously. Multiple drives can be processed at once, making IT resources more efficient. There is also no need to wait for all the drives to complete the routine. Hot swappable bays allow drives to be inserted at any time.
- Cable-Free and Tamper-Proof Drive Bays - Due to extensive customer feedback about ribbon cables and power connectors, EDT has engineered an easy-to-use drive interface called a “Personality Block.” Different personality blocks fit different drive formats and manufacturers. Once inserted, the bays are electronically locked during the erasure to ensure that no one can interrupt the process, even if you step away.
- Portable Design - Completely integrated design eliminates the need for a keyboard or mouse. The DS weighs less than 10 lbs. (carrying case optional), so it can be used in the field versus locked in a rack.
- Certification Labels - The Digital Shredder includes a laminated label printer that produces certification labels that can be applied directly to processed drives. Labels can only be printed at the end of a successful erase procedure (or can be reprinted by the system administrator). This ensures that the process was completed. The label includes all pertinent information pertaining to procedure used, user’s name, date/time, method used, elapsed time and the hard drive’s serial number.
- Built-In Security - Required username/password login ensures that no malicious destruction of drives is possible.
- User Programmable Scripts - Allows users to not only erase drives, but also prepare them for reuse. Erased drives can be partitioned, formatted (various file systems supported) and even receive a binary image copy from a drive in another bay.
- No License Fees - No per-disk fees, port dongles or boot disks. Simply insert and erase. Software updates can be downloaded from the Ensconce Data Technologies website (http://www.ensconcedata.com/) and loaded via USB port on the back of the device.
- NMSO Standing Offer No. E60QE-08BIO4/002/QE.
- Secure Erase vs. Software Overwriting
- Secure Erase and commercial software differ in a variety of key and important ways. Secure Erase’s superiority is outlined in the United States Guidelines for Media Sanitization published by The National Institute of Standards and Technology (NIST). NIST Special Publication 800-88 serves as the benchmark for hard drive sanitization methodologies in the United States. The term DoD 5220 is used fairly often in software marketing collateral. DoD 5220 has not recommended overwriting or any hard drive sanitization methodology since the 1994 revision. Every version of DoD 5220 since that year makes no mention of hard drive erasure methodologies. The only national guideline is NIST SP 800-88:
- On page 19, it rates different sanitization procedures. It defines software overwriting as a “clearing” methodology, while secure erase is defined as a “purge” technology. What does this mean?
- The NSA and NIST define “clearing” as rendering the data secure only to the degree that the data may not be reconstructed using normal system capabilities (i.e. through the keyboard).
- The NSA and NIST define “purging” as rendering the data secure to the degree that the data may not be reconstructed through open-ended laboratory techniques.
- The Guidelines recommend Secure Erase as the best option for an organization (page 30). The United States Guidelines for Media Sanitization clearly recommends Secure Erase over any overwrite procedure.
- In addition to the United States, a variety of other countries have published hard drive sanitization guidelines that recommend Secure Erase:
- United Kingdom - HMG Infosec Standard No. 5; Secure Sanitisation of Protectively Marked Information or Sensitive Information – Issue 2.0, September 2007 (IS5)
- United Kingdom - CESG Manual S; Guidance on Secure Sanitisation and Disposal – Issue 2.0, September 2007 (MANS)
- Australian Department of Defence; Intelligence, Security and International Policy Defence Signals Directorate - Information and Communications Technology Security Manual - ACSI-33 http://www.dsd.gov.au/_lib/pdf_doc/acsi33/acsi33_u_0907.pdf
- Royal Canadian Mounted Police; Canadian Government Policy and Procedures for Media Sanitization - RCMP B2-001
- Secure Erase is currently being evaluated for EU common criteria. The fact remains the same – Secure Erase is a higher standard than any software overwrite. Secure Erase has been a global hard drive manufacturing standard since 2002. It is now embedded in the firmware of hard drives.
- Beyond the legislative considerations of Secure Erase as a superior solution, there are everyday applications of this sanitization standard that highlight its benefits over Software Overwriting. These benefits impact organizations in their day to day execution of their Media Sanitization Policy and Procedures. The table below illustrates how Secure Erase, when employed through the use of the EDT Digital Shredder, is the most effective and efficient Best Practice Solution for Media Sanitization.
- In summary, the Digital Shredder and Secure Erase offer a superior solution to that of Software Overwrite. From domestic and international legislation to everyday applications, the Digital Shredder represents a higher level of compliance, security and efficiency. This single point solution represents the best media sanitization option. The shortcomings of Software Overwrite become obvious when legislative and day-to-day usage factors are considered.