The Limitations and Risks of Manual Data Erasure Policies
Many companies have different policies for physical IT asset management and data lifecycle management (DLM), but no policy is efficient unless properly executed in practice.
Data Lifecycle Management Involves More than Managing Assets
Usually, organizations implement data erasure policies as a part of their physical asset management policy. When performed properly, the policy guarantees all confidential data is removed from each asset before it leaves the organization.
The weakness of this approach is that data lifecycle management is heavily tied to each physical asset’s lifecycle. However, often the data lifecycle is much longer or shorter than the asset lifecycle, depending on the type of data.
Data Lifecycle Management Depends Heavily on Proper Execution
Effective data management, including data retention and data erasure management, involves well-thought-out procedures. It also involves applications that help automate data management tasks and accurately execute data management policy—without extra work for IT administrators.
Not only does automating data lifecycle management tasks save staff time, it also ensures that data that is no longer needed is removed at regular intervals, minimizing your risk of data leakage, breach, or other exposure. Automation also lessens the chance of human error in executing against your organization’s policies.
Automating End-of-Life DLM Tasks Ensures Compliance, Saves Time
When it comes to data lifecycle management, Blancco’s automated solutions help you manage any obsolete data that needs to be erased.
Let’s take a look at how this works for an enterprise organization’s end user files—including those confidential or sensitive business or customer files that staff and others may neglect or keep too long if not addressed regularly.
Is That Confidential File Really Deleted?
Challenge 1: Misunderstanding File Deletion
The Windows Recycle Bin is a handy feature that allows users to recover files that have been accidentally deleted. However, its use can be risky. The user may think that a confidential file has been deleted when it has only been moved to the Recycle Bin. As its name implies, files within the Recycle Bin can be easily recovered without any special tools.
Some users are already familiar with the more advanced “Shift + Delete” key combination that deletes files without moving them to Recycle Bin first. But has the file really been deleted?
Actually, the contents of the file will remain on the drive until the section of the drive is overwritten by another file. Even though Windows does not offer easy options to recover files that were deleted using the “Shift + Delete” method, there are plenty of free, easily downloadable tools available to recover these deleted files.
In order to make sure that any deleted information cannot be recovered, you will need to use tools that are proven to securely erase data. However, the challenge is that it can be difficult to get others to use these tools in a business environment.
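To see what a "deleted" file in the Recycle Bin still exposes, the following added example (not Blancco code and not from the original article) parses the `$I` metadata records that Windows Vista and later keep beside each recycled file's `$R` content, and reports the original path, size and deletion time per user SID. The sample record, user name and file name are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone
from pathlib import Path

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_i_file(data: bytes) -> dict:
    """Decode one Recycle Bin $I metadata record (Windows Vista and later)."""
    if len(data) < 28:
        raise ValueError("record too short for a $I header")
    version, size, filetime = struct.unpack_from("<qqq", data, 0)
    if version == 1:        # Vista to 8.1: fixed 520-byte UTF-16 path field
        raw = data[24:544]
    elif version == 2:      # Windows 10 and later: length-prefixed path
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) < nchars * 2:
            raise ValueError("truncated path field")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"original_path": path, "size": size, "deleted_utc": deleted}

def audit_recycle_bin(root: Path) -> list:
    """Report every item still recoverable under a $Recycle.Bin directory."""
    findings = []
    for meta in sorted(root.glob("*/$I*")):      # one subfolder per user SID
        try:
            record = parse_i_file(meta.read_bytes())
        except (OSError, ValueError, OverflowError):
            continue                             # unreadable or malformed entry
        # The file's content sits beside the metadata under a matching $R name.
        record["content_present"] = meta.with_name("$R" + meta.name[2:]).exists()
        record["sid"] = meta.parent.name
        findings.append(record)
    return findings

def sample_i_file() -> bytes:
    """Constructed version-2 record for a file deleted 2019-05-30 00:00 UTC."""
    path = "C:\\Users\\alice\\Documents\\payroll.xlsx\x00"
    ticks = ((datetime(2019, 5, 30, tzinfo=timezone.utc) - FILETIME_EPOCH)
             // timedelta(microseconds=1)) * 10
    return struct.pack("<qqqI", 2, 48213, ticks, len(path)) + path.encode("utf-16-le")

if __name__ == "__main__":
    print(parse_i_file(sample_i_file()))
```

On a live system, `audit_recycle_bin(Path("C:/$Recycle.Bin"))` needs administrator rights to read other users' SID folders; any entry with `content_present` set is a file that can still be restored in full.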
Challenge 2: The Human Factor
Quite often, even when a new solution has been implemented across the organization, people are reluctant to use it. Or, they may simply sometimes forget. Sometimes tools are time consuming to use or rely too much on end-user behavior to be properly carried out.
That’s why it’s really important that routine tasks be automated and performed without user interaction.
How Blancco File Erasure Supports Policy Compliance for End-of-Life Data
One of our solutions that helps organizations meet industry-mandated or internal requirements set for end-of-life enterprise data management is Blancco File Eraser.
Blancco Software Automates Complete Data Erasure with Scripting and Windows Tools
Blancco File Eraser supports command line options to allow an administrator to automate secure file erasure through scripting, ensuring that both security and data management policies are correctly followed. That includes policies that need to adhere to U.S. Department of Defense 5220.22-M, NIST Clear or other standards your organization follows to meet security and regulatory compliance requirements.
These scripting options may vary from simple batch scripts that erase the contents of the Recycle Bin to more advanced PowerShell scripts that erase files in a user profile based on more complicated file-matching criteria. By combining scripts with existing Windows tools like Task Scheduler and Group Policy, an administrator can distribute file erasure rules over a large company network.
Blancco File Eraser also combines with File Classification Infrastructure (FCI). With FCI you can make sure that if, for example, a confidential document leaves a specific folder, Blancco File Eraser will automatically erase the file before it’s saved to the wrong location.
Here are a few examples of Blancco File Eraser’s built-in functions that can be used for automating file erasure:
- Erases files and folders older than a certain date
- Erases files and folders older than a certain number of days
- Erases files by file type (all .docx or .pdf files for instance), and can be combined with date/day parameters
- Erases temporary files
- Erases the Recycle Bin
- Erases Free Disk Space
- Erases Slack Space
Blancco File Eraser Simplifies Data Deletion for Users, Provides Erasure Validation to Administrators
Earlier on, I stated that users do not necessarily pay attention to whether files are moved to the Recycle Bin or deleted by using the more advanced “Shift + Delete” option. To erase both Recycle Bin contents and deleted files, you can use the following approach:
- Define a script that executes Blancco File Recycle Bin erasure. Next, use Windows Group Policy settings to run the erasure script every time the user logs out from the system.
- Create a scheduled maintenance task that executes Blancco File Free Disk Space erasure.
Combining and automating these two Blancco File erasure operations ensures that files meant to be deleted are actually removed. Maintenance operations can be enhanced with slack space erasure and many more options.
Each erasure status can also be integrated with Windows Event Viewer. This allows an administrator to easily monitor any exceptions to the erasure process.
The actual erasure report is of critical importance, too. It provides detailed information about each erasure, including proof of erasure for later auditing.
Success! Data Lifecycle Policy Compliance—And an Audit-Ready Report to Prove It
In the end, you have a systematic, automated approach to managing and protecting your confidential data when it reaches end-of-life. You’ll also have audit-ready proof of having abided by your data protection and retention policies. Plus, you have confidence that policies are being adhered to faithfully and thoroughly as you manage data throughout your organization.
You can test these options within your own enterprise environment with a free Blancco File Eraser trial: Visit our Blancco File Eraser page for details and get started automating a critical component of data lifecycle management tasks.
Originally published July 30, 2014, and updated May 30, 2019.