Cryptographic erasure (often abbreviated as Crypto Erase) is one of the three methods that can achieve data sanitization. It has proven to be extremely effective at making data unrecoverable if the proper steps are in place and verification and certification are achieved. Here’s how:
Cryptographic erasure erases the encryption key of a self-encrypting drive. The encryption algorithm must be at least 128-bit for the process to be successful. The data itself remains on the storage device, but once the original key is erased, that data is effectively impossible to decrypt and is therefore unrecoverable. To achieve cryptographic erasure, the following steps must be completed.
Steps to Achieve Cryptographic Erasure:
- The encryption on the storage device must be turned on by default, and the device must provide access to the API call that removes the key; this is what allows cryptographic erasure to be supported.
- The software must verify that the old key has been removed and replaced with a new key, rendering the data encrypted with the previous key unrecoverable.
- The cryptographic erasure software must produce a tamper-proof certificate containing information that the key has been successfully removed, along with data about the device and standard used.
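The three steps above, modelled end to end as an added example (not code from the original page or from any erasure product): a simulated drive has its key replaced, a canary sector confirms that data written under the old key no longer decrypts, and the result is sealed in an HMAC-protected record. `SimulatedSED`, `key_id`, the canary check and the shared `signing_key` are assumptions for illustration; a real drive is erased through its own firmware interface, and the name of the standard is supplied by the caller.

```python
import hashlib, hmac, json, secrets

class SimulatedSED:
    """Toy self-encrypting drive: the media only ever holds ciphertext under a media key."""
    def __init__(self, serial):
        self.serial = serial
        self._mek = secrets.token_bytes(32)  # 256-bit key, above the 128-bit minimum
        self._media = {}                     # LBA -> ciphertext

    def _keystream(self, lba, n):
        # Assumption: HMAC-SHA256 in counter mode stands in for the drive's cipher engine.
        out, ctr = b"", 0
        while len(out) < n:
            block = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(self._mek, block, hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def write(self, lba, data):
        ks = self._keystream(lba, len(data))
        self._media[lba] = bytes(a ^ b for a, b in zip(data, ks))
    def read(self, lba):
        ct = self._media[lba]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(lba, len(ct))))
    def key_id(self):
        # Hypothetical one-way fingerprint of the key; the key itself is never exported.
        return hashlib.sha256(b"key-id" + self._mek).hexdigest()[:16]
    def crypto_erase(self):
        self._mek = secrets.token_bytes(32)  # old key is gone; ciphertext stays on the media

def erase_and_certify(drive, canary_lba, signing_key, standard):
    canary = secrets.token_bytes(64)         # known pattern written before the erase
    drive.write(canary_lba, canary)
    old_id = drive.key_id()
    drive.crypto_erase()
    new_id = drive.key_id()
    # Verification: the key changed AND the canary no longer decrypts to its plaintext.
    verified = new_id != old_id and drive.read(canary_lba) != canary
    cert = {"serial": drive.serial, "standard": standard, "old_key_id": old_id,
            "new_key_id": new_id, "verified": verified}
    body = json.dumps(cert, sort_keys=True).encode()
    cert["hmac"] = hmac.new(signing_key, body, hashlib.sha256).hexdigest()
    return cert

def certificate_is_intact(cert, signing_key):
    body = {k: v for k, v in cert.items() if k != "hmac"}
    expected = hmac.new(signing_key, json.dumps(body, sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["hmac"])
```

An HMAC makes the record tamper-evident only to parties holding the signing key; a record meant for outside auditors would use an asymmetric signature instead.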
Pros & Cons of Cryptographic Erasure
Like any data sanitization method, there are advantages and disadvantages to using cryptographic erasure.
Advantages of Cryptographic Erasure:
- Ideal solution when storage devices are in transit or require a fast erasure process (e.g., before internal deployment within the same company or in environments in which data must be obfuscated quickly)
- Faster than overwriting, and encryption algorithms are typically created by trusted technology vendors
- Devices are still useable because they can keep their original integrity and retain their warranties
Disadvantages of Cryptographic Erasure:
- Process relies heavily on the manufacturer, where implementation issues could occur
- Users can impact the success of cryptographic erasure through human errors and broken keys
- Doesn’t always meet regulatory compliance requirements because it does not include the steps of verification and certification
- Only valuable for drives that are encrypted by default, and it does not destroy the data itself, meaning recovery is sometimes possible
- Even when a primary Crypto Erase key is deleted, there are often more backups of that key
- The unpredictable pace of technological development could render many encryption methods unreliable in a few years’ time
All organizations must determine their unique risk tolerance to decide which data sanitization method(s) is right for them.