What you will learn in this tip: When files, backup copies or data archives are deleted, they are not really gone...
for good and data may still be accessed. This tip provides information on data destruction services and data destruction technologies.
While the ability to clearly establish what data end-of-life really means is still a challenge for most companies, uncontrolled data growth is gradually resulting in the development of corporate policies regarding data storage and retention. Many policies are also driven or imposed by legislation and regulations such as the Privacy Act, Sarbanes-Oxley Act, Payment Card Industry (PCI) Data Security Standard, and other federal and state compliance requirements.
However, when it comes to legislation, most of the attention has been given to data retention and more specifically the ability to produce records when asked by a court of law or other legislative entity. Because of that, it is often assumed that once data has been marked for disposal, it no longer requires as much attention and as a result, the actual deletion process itself is sometimes loosely defined or not as stringent.
When it comes to paper records, running documents through a shredder usually does the trick in most cases and is a pretty straightforward process. But since electronic records are not physical, it is often (and falsely) assumed that a simple file deletion operation is the equivalent to shredding a paper copy; after all, once data is deleted it is typically no longer readily accessible by the operating system or application that created it. However, data deletion is not sufficient; in simple terms, deleting a file only removes its entry from the files system and marks the space (or blocks) it occupies as usable. Until the blocks are actually overwritten, the data is still there and can be retrieved. In fact, the disk space occupied by deleted files must be overwritten with other data several times before the entirety of the deleted data is deemed irretrievable (minimum of seven times as per the U.S. federal government's guidelines).
Data destruction policies
In many cases, disk or tape media is reused to store more data without a change of ownership and therefore, simple data deletion typically does not constitute much of an issue. However, when IT assets such as servers or disk arrays are retired, or when storage media has reached end-of-life, special care must be taken to ensure that any data they once stored is irretrievable. This process is sometimes known as hard drive sanitization and in some cases requires storage media destruction. It is often tempting for staff to innocently collect hard drives from decommissioned computer equipment for home use and this has lead to embarrassing situations and PR nightmares for some high-profile companies in the past because hard drives containing highly confidential data resurfaced in the wrong place.
The problem often starts with a lack of clearly defined policies around data destruction. Servers or disks are decommissioned without much thought being given to whether or not data is still accessible. There are a number of ways to dispose of data including automated multiple data overwrite with random byte patterns, disk degaussing and media destruction. What follows is a brief description of these methods.
Data overwrite programs
Some data overwrite programs can be downloaded for free such as Eraser and will overwrite data over 30 times. There are also commercially available products that will automatically overwrite a file with random data more than 100 times. Because of the time it may take to overwrite data up to 100 times, these products may not always be suitable for very large-scale tasks due to time constraints. These software offerings are too numerous to list but you should make sure they are at least DoD 5220.22-M compliant (U.S. Department of Defense Clearing and Sanitizing Standard).
Third-party services can also be used for media overwrite and each one of claim they have the best method. While there may be some merit in evaluating whether a solution that overwrites 100 times is superior to one that overwrites 20 times, it is probably a better idea to ensure that the service provider has auditable controls in place to ensure that nothing gets overlooked or left behind either by mistake or intentionally. Data Killers, Data Strategies International and IBM Corp. are some of the companies that offer disk cleansing as a service.
There may be instances where too many storage devices need to be sanitized at once or other special cases where overwriting does not get everything. For example, bad sectors on a disk may no longer be used by the operating systems because they have been marked as unreliable but they might still hold data that will not necessarily be overwritten depending on the product used. This is where degaussing can offer an alternative; this method uses a powerful magnetic field that basically neutralizes the "orientation" of the magnetized particles that make up the writeable surface of storage media. This method is typically used for erasing in bulk when media will be reused and must be free of retrievable data.
When multiple media overwrites or degaussing will not meet the requirements, physical destruction is the next option and is fairly common for media that has reached end of life such as tape, or to dispose of optical media that cannot be overwritten such as Write Once, Read Many (WORM) optical disk. There actually are shredders for tape, optical media and even hard drives that are used when media must be destroyed. Proshred, PC Recycler and MI Secure are just a few examples of companies that offer this type of service. There is a very convincing video on media shredding that can be viewed on YouTube that shows how effective this method is.
For the very security-conscious organizations, there might be requirements to destroy residual data in temporary storage such as RAM or battery-backed cache on storage arrays. These storage devices are often overlooked and can contain data that is still retrievable even once it is believed removed from other media types or the media itself destroyed. For a good and comprehensive paper on data disposal, see the National Institute of Standards and Technology (NIST) Special Publication 800-88, Guidelines on Media Sanitization.
About this author: Pierre Dorion is the data center practice director and a senior consultant with Long View Systems Inc. in Phoenix, Ariz., specializing in the areas of business continuity and DR planning services and corporate data protection.