What is Cryptographic Erasure (Crypto Erase)?

Aug 08, 2017 Technical Article

Cryptographic erasure (often abbreviated as Crypto Erase) is one of the three methods that can achieve data sanitization; NIST SP 800-88 Rev. 1 classifies it as a Purge technique for self-encrypting media. It is extremely effective at making data unrecoverable provided the drive implements key destruction correctly, the result is verified, and the outcome is certified. Here's how it works:

This method destroys the media encryption key of a self-encrypting drive and replaces it with a freshly generated one. The key must be at least 128 bits long and belong to a strong, correctly implemented cipher; otherwise the ciphertext left behind could be attacked directly. The encrypted data itself stays on the storage medium, but once the original key is gone, decrypting it is computationally infeasible, so the data is rendered unrecoverable. The guarantee only covers data the drive actually encrypted: anything written while encryption was not active, or held in an unencrypted area such as a firmware log, is not protected by erasing the key.

Steps to Achieve Cryptographic Erasure

  1. The storage device must have encrypted every sector from first use (self-encrypting drives do this from the factory, before any user password is set) and must expose a command that destroys the key and replaces it with a new one, for example ATA SANITIZE CRYPTO SCRAMBLE EXT, NVMe Format NVM with Secure Erase Setting 2, or the TCG Opal GenKey and Revert methods. Without such a command, cryptographic erasure cannot be supported.
  2. The erasure software cannot inspect the key directly, so it must verify the outcome: read sectors back after the command completes and confirm that their contents no longer match what was stored before, which shows the old key has been replaced and data encrypted under it is unrecoverable. A device that reports success without actually rekeying is caught at this step.
  3. The software must produce a tamper-evident certificate (for example, a digitally signed one) recording that the key was destroyed, along with the device's identity, the command and standard used, and the verification result.
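The three steps above, run end to end against a software model of a self-encrypting drive. This is an added example written for this page, not code from the article or from any vendor tool: the SimulatedSED class, its crypto_scramble() command, the HMAC-based keystream (standing in for a real drive's AES-XTS) and the certificate fields are all hypothetical. The honest=False drive models firmware that acknowledges the command without changing the key, which is the failure mode that read-back verification exists to catch.

```python
"""Added example: the three crypto-erase steps run against a software model
of a self-encrypting drive (SED). Not vendor code; the drive, its command and
the certificate format are hypothetical stand-ins for real hardware."""
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

SECTOR = 512


class SimulatedSED:
    """Stand-in for a self-encrypting drive: every sector is stored as
    ciphertext under a 256-bit media encryption key (MEK) that the host never
    sees. The keystream is HMAC-SHA256 in counter mode, used here only as an
    illustrative replacement for the AES-XTS a real drive would use."""

    def __init__(self, sectors=64, honest=True):
        self._mek = secrets.token_bytes(32)
        self._store = [bytes(SECTOR) for _ in range(sectors)]
        # honest=False models firmware that acknowledges the command but keeps
        # the old key, a failure mode that only read-back verification exposes.
        self._honest = honest

    def _keystream(self, lba):
        blocks = (hmac.new(self._mek, lba.to_bytes(8, "big") + ctr.to_bytes(4, "big"),
                           hashlib.sha256).digest() for ctr in range(SECTOR // 32))
        return b"".join(blocks)

    def write(self, lba, data):
        assert len(data) == SECTOR
        self._store[lba] = bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def read(self, lba):
        return bytes(a ^ b for a, b in zip(self._store[lba], self._keystream(lba)))

    def crypto_scramble(self):
        """Step 1: the key-destruction command. On real hardware this is ATA
        SANITIZE CRYPTO SCRAMBLE EXT, NVMe Format NVM with SES=2, or TCG Opal
        GenKey; the drive replaces the MEK and returns success."""
        if self._honest:
            self._mek = secrets.token_bytes(32)
        return True


def crypto_erase_with_verification(drive, sample_lbas, signing_key):
    """Run key destruction, verify it by read-back, and issue a certificate."""
    sample_lbas = list(sample_lbas)
    # Seed each sampled sector with a distinct, non-zero pattern and remember
    # its digest. A known pattern (rather than whatever was there) avoids a
    # false "still readable" result on sectors that were all zeros to begin with.
    before = {}
    for lba in sample_lbas:
        pattern = hashlib.sha256(b"verify-%d" % lba).digest() * (SECTOR // 32)
        drive.write(lba, pattern)
        before[lba] = hashlib.sha256(pattern).hexdigest()

    if not drive.crypto_scramble():
        raise RuntimeError("device rejected the key-destruction command")

    # Step 2: after rekeying, every sampled sector must decrypt to something
    # other than its pre-erase content. Any match means the old key survived.
    still_readable = [lba for lba in sample_lbas
                      if hashlib.sha256(drive.read(lba)).hexdigest() == before[lba]]

    # Step 3: the certificate. The HMAC tag makes later edits detectable
    # (tamper-evident); a production tool would use a digital signature.
    body = {
        "device": "SimulatedSED (hypothetical)",
        "method": "cryptographic erase via crypto_scramble()",
        "standard": "NIST SP 800-88 Rev. 1, Purge",
        "sectors_sampled": len(sample_lbas),
        "sectors_still_readable": still_readable,
        "verified": not still_readable,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }
    tag = hmac.new(signing_key, json.dumps(body, sort_keys=True).encode(),
                   hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def certificate_is_authentic(cert, signing_key):
    """Recompute the tag over the body; a mismatch means the certificate
    (or its verification result) was altered after issue."""
    expected = hmac.new(signing_key, json.dumps(cert["body"], sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["tag"])


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    good = crypto_erase_with_verification(SimulatedSED(), range(0, 64, 8), key)
    bad = crypto_erase_with_verification(SimulatedSED(honest=False), range(0, 64, 8), key)
    print("honest drive verified:", good["body"]["verified"])   # True
    print("faulty drive verified:", bad["body"]["verified"])    # False
    print("certificate authentic:", certificate_is_authentic(good, key))
```

Sampling a handful of sectors is enough to expose a drive that ignored the command, but it is not proof that every sector was encrypted under the destroyed key; a full read-back of the device is the stronger check where time allows. Against a real drive the crypto_scramble() call would be replaced by the vendor-independent command for that interface (for example hdparm --sanitize-crypto-scramble or nvme format --ses=2), and the verification and certificate logic stays the same.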

Pros & Cons of This Method

Like any data sanitization method, there are advantages and disadvantages to using cryptographic erasure.

Advantages of Cryptographic Erasure

Disadvantages of Cryptographic Erasure

All organizations must determine their unique risk tolerance to decide which data sanitization method(s) is right for them.

Learn more about cryptographic erasure and how you can understand your organization’s risk tolerance.

Download the whitepaper: The Crypto Erase Conundrum: What’s Your Organization’s Risk Tolerance?
