What is Media Sanitization?

According to the NIST 800-88 Guidelines for Media Sanitization, “media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort.” In other words, media sanitization is a technique used to keep your confidential information safe.

There are two main types of media that your organization has to worry about. Hard copy: which is all the paper documents, reports and possible written notes that may include important confidential company information. Soft Copy: which includes your electronics such as computer hard drives, DVDs or CDs, mobile devices or other office equipment that may store information. Both types of media are susceptible to falling into the wrong hands. Both hard and soft copy that are improperly disposed of can be recovered by thieves who go dumpster diving or simply the next user of a device.

The solution to sanitizing hard copy is relatively easy— paper should be destroyed using shredders, pulverizers, or disintegrators. Sanitizing your most confidential digital information is not quite as easy, and that’s where Clarawipe comes in. There are three ways to sanitize digital data: clearing, purging and destroying.

Clearing is a process in which all areas on a storage device (e.g. a hard drive) are overwritten with new values. For instance, imagine you have several private files stored on your computer. Clearing these files would involve going through and writing 0’s over your entire hard drive to supplant your files. There are many other forms of clearing, some of which are built into the hardware, itself. Overall, clearing protects against simple, non-invasive data recovery techniques[1].

Purging takes protection a step further and aims to make data recovery infeasible, even using advanced recovery techniques. One more recent form of purging is Cryptographic Erasure (CE). The concept of CE is that each time you store data on your device, it is automatically encrypted with a key. Then, when it comes time to erase the information, instead of writing over all of the data, the key is destroyed, rendering the data fully unrecoverable. Again, there are many other forms of purging, such as encrypting the key with a meta-key and destroying them both. The important idea is that purging renders your information totally unrecoverable.

Physical Destruction also renders your information totally unrecoverable, but at the cost of reuse. Digital information can be destroyed by disintegration, pulverization, melting, incineration or shredding. These are processes that entirely transform a storage device, such as a hard drive, into an unusable and, therefore, 100% protected form.

Unfortunately for corporations, that’s not where the issue lies.  95% of data breaches are the result of human error, typically related to the secure chain of custody for the device.  Statistics aside, Clarabyte’s Clarawipe software provides industry leading best practices for companies that want to securely manage their data.  By removing all data with a serialized, automated, auditable report before a device is unplugged, you’ve removed the risk of a chain of custody break down.  From there, physical asset management can continue without extreme caution or concern.

When deciding upon a mode of sanitization, it is crucial to match the method to the media. Magnetic hard drives are often sanitized through the physical process of degaussing while a Solid State Drive based on transistor technology may require a more programmatic approach. It gets even more complicated when beginning to consider specific hardware implementations, as some manufacturers include built-in clear functionality or Cryptographic Erasure, whereas others do not.

Clarawipe is an independently certified platform that exceeds all current sanitization standards. We automate the dirty work of figuring out and carrying out whichever sanitization approach is best for you. For specific information on best practices for various devices see the NIST 800-88 Guidelines for Media Sanitization.

Remove the liability, and remove the risk.  Perform a Security Audit on your company’s Secure Data Management Policy.  If you don’t have one, start here.

Clarawipe makes it easy.  Schedule a demo today to bring peace of mind to your company’s data breach concerns.

Clearing Hard Copy Human Error NIST 800.88 Soft Copy

← Older Post Newer Post →