When we discuss the issues inherent in data wiping, data destruction, and data management, we tend to talk about these issues with solutions framed around the idea of tools and services. While there are a great amount of tools that can check for general failures, however, these failures are not caused by the lack of tools.
In other words, the lack of the solution is not the cause - the cause is something entirely different. When it comes to data destruction, the greatest point of failure for companies is the process itself - from identification to destruction, a failure at any point throughout this process is incredibly damaging in an exponential way.
In this piece, we’re going to address these processes, and identify a chain of actions that can be used effectively to oversee the data destruction process in an effective way.
The Importance of Processes
This all might seem like nitpicking, but processes are extremely important. Consider something extremely simple, a daily activity. In fact, let’s consider the most basic of activities - tooth brushing. To brush one’s teeth, an entire series of actions must be taken, in a specific order, to support each action afterwards. If you put your brush in your mouth and then applied toothpaste, you’d not only look silly, you’d be seriously ineffective in every other step that follows.
It might sound silly to read that passage while we talk about data destruction, but it’s a strong point if you truly consider it within the frame of your life. Everything from pouring cereal to brushing your teeth functions on a process, and a break in that process means the function itself is broken.
Why, then, should data be handled any different? A single point of failure, even if it seems minor, has a cascading effect. Poorly identifying data for deletion means that literally every other step that follows is fundamentally broken. Even a mistake in the later steps, deletion of data, could mean forensic remnants that are hugely damaging or even legal non-compliance that can cost upwards of hundreds of thousands of dollars.
The key here is to identify the basic steps of this process, and to properly order them.
Step 1 - Identify and Quantify
Firstly, we need to identify data that needs to be deleted. This can be done with a wide variety of solutions, but a good rule of thumb is that of access. If data has not been accessed over several weeks or months, review of that data should reveal whether or not it should be considered for deletion.
Do keep in mind that not all data that hasn’t been accessed over time should be deleted. As part of this first step, all data should be quantified and considered in the greater context of its hardware cost. Archiving long-term data such as quarterly reports and data is obviously worth more on the hard drive than the cost of storing such data, and should be considered for archival; on the other hand, a guideline document for a one-month contract five years previous is probably more acceptable for deletion.
Additionally, functional valuation of the data should be considered before anything is done. HIPAA data, as well as educational, governmental, and fiscal data, is protected by several laws, and thus storage requires a much more robust system of encryption and storage than any other type of data. Accordingly, moving or deleting this data requires much more time and a resource intensive oversight.
Conversely, some storage, especially data from the European Union, can only be stored for a certain amount of time, so destroying that data is often an economic reality that must be addressed. This should all be considered as part of this step.
Step 2 - Mark Data and Isolate
When data is identified and audited, it must be marked, moved, and isolated in preparation for data deletion. Data has a forensic value in that it remains on many hard disks as long as it’s not overwritten with other data or fully “blanked out”.
Accordingly, this data should be moved to another disk, the disk in which it was stored audited to remove any traces of the data, and the new deletion disk marked for wiping. This process of isolating data from other data is key to ensuring that the data destroyed is both only the data that must be destroyed, and that when it is destroyed, it is completely so.
For extremely valuable data, this disk should not be one in production. This data is marked for deletion, and as such, should be fully removed from the network, either by placing on an isolated station with extreme encryption and limited transfer capabilities, or by physically separated, non-network connected devices.
Step 3 - Securely Wipe Data
This is the meat of the process, and unfortunately, is where most failures occur outside of basic identification faults. When data is wiped, there’s several basic stages in which the data is pushed through.
First, the data is marked for erasure. Modern operating systems do not actually delete data when you click delete - doing so would be time and resource intensive, especially as disks grow larger and data becomes more compressed physically. Instead, they mark sections of data for overwriting purposes, telling the operating system “hey, you can write new data here”.
This is where the second stage occurs. In the second stage, data is logically overwritten. There are a wide variety of methods by which this is done, but they all function basically the same. Hard drives store data magnetically by setting a bit as either 1 or 0. When it’s logically overwritten, this data is written over with all 1’s, all 0’s, or a random assortment thereof.
This is a huge point of control for the data owner - the number and type of overwriting data passes are specified via the application. Many governmental and civic organizations have their own specific data deletion methodologies, and as such, this choice might be driven more by the type of data you have rather than any time or technology constraint.
Step 4 - Ensure Forensic Integrity
Finally, now that your data has been erased, you must ensure complete forensic integrity. Data leaves a trail, a ghost of sorts, and some failures might have occurred - for instance, a multi-pass data erasure might have failed on bad partitions or sectors, leaving chunks of data behind that might still be valuable.
Your entire goal in this step is functionally to audit the drive as you did in step one. Look for any remnant of data. If needed, do not be afraid to do yet another pass with your erasure solution.
For extreme cases, physical destruction is also a possibility. Hard drive shredders, electromagnetic systems, and other such solutions can physically render a drive not only writeable and unreadable, but essentially “no longer a drive”.
A great solution for data destruction is ClaraWipe. By matching and exceeding the most stringent industry data deletion schemas, ClaraWipe ensures that your data is properly - and securely destroyed beyond recovery.
ClaraWipe adheres to the following schemas, each considered a gold standard in their respective industries:
- Sarbanes-Oxley Act (SOx)
- HIPAA & HITECH
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- US Department of Defense 5220.22-M
- NIST 800-88
- CSEC ITSG-06
- Payment Card Industry Data Security Standard (PCI DSS)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- EU data protection directive of 1995
- Gramm-Leach-Bliley Act (GLBA)
- California Senate Bill 1386
With data destruction being so incredibly important, using the correct tool is not just a must - it’s a smart business choice.