New IEEE 2883 Data Erasure Standard Fills Technology Gap

Sep 26, 2023 Blog Article

The Institute of Electrical and Electronics Engineers (IEEE) released a new standard in August 2022. Specifically for sanitizing logical and physical storage, it provides technology-specific requirements for eliminating recorded data. There are several advantages to this new IEEE standard that will appeal to enterprises when decommissioning laptops, desktops, drives, mobile devices, and other IT assets—whether they sanitize data storage media in-house or send them on an IT asset disposal (ITAD) or reverse logistics journey. Here’s an introduction to what the IEEE Standard for Sanitizing Storage is all about.

Bernard Le Gargean Bernard Le Gargean is the Product Manager of Blancco Drive Eraser, the Blancco solution to erase and diagnose laptops, desktops and servers. In this role, he understands customers’ needs and technology trends in order to translate them into product implementations. He defines the product roadmap, the features priority and steers their development. He’s a data erasure expert that can help customers to improve their processes, increase their yield and maintain their satisfaction.

The IEEE Standard for Sanitizing Storage (IEEE 2883-2022) provides guidelines for securely erasing data on storage technology developed after the National Institute of Standards and Technology (NIST) issued NIST Special Publication 800-88, Rev. 1, “Guidelines for Media Sanitization,” in 2014.  

While NIST 800-88 remains the most widely used data erasure standard in the United States and in many parts of the world, technology continues to advance since its publication almost a decade ago. IEEE and NIST are different organizations, but the new standard can be seen as a natural continuation of NIST principles

That said, IEEE 2883-2022 aims to fill a growing information gap since NIST 800-88 was last revised. For instance, it provides guidance for securely sanitizing SATA, SCSI, and NVMe drives that have grown in popularity as data storage needs have evolved.

Since the NIST standard provides limited guidance for these technologies, IEEE 2883-2022 offers a critical resource for organizations that need to securely remove data from these types of drives. 

Decommissioning IT? You'll need an erasure standard. Learn more here: A Comprehensive List of Data Wiping & Erasure Standards

Why Your Organization Needs to Know IEEE 2883-2022 

The new standard is available for purchase through IEEE’s website as a downloadable PDF. While there are currently no mandates to use the new IEEE data erasure standard, doing so provides enterprises with the security that their newer devices can be sanitized following guidelines from a globally respected association.  

Implementation requires following the standards and processes described. The addition should be straightforward for organizations that already use the NIST guidelines, as IEEE 2883-2022 contains many key similarities along with several advantages. 

For instance, IEEE standards are as quick (and sometimes quicker) to execute than NIST standards. Yet they also leverage and recommend new technological capabilities introduced since 2015 (such as restoring depopulated storage elements, resetting write pointers, and clearing NVMe buffers) for an additional level of data security. 

The new standard provides:  

For background on how the pending ISO 27040 update will reference IEEE 2883, read this blog from the International Data Sanitization Consortium: Media Sanitization Standards Are Changing for Data Storage Devices, Data-Driven Organizations & Tech Vendors

IEEE 2883 also classifies data sanitization into three categories, which are similar to NIST’s, on how to sanitize data by media type: 

Because of the increased data density of newer technologies, the IEEE Standard for Sanitizing Storage renders shredding and pulverizing obsolete when it comes to using physical destruction as a sanitization method. Does this provide the data protection you need? See Drive Destruction vs. Data Erasure: Which Data Disposal Method is Most Secure?

The Role of IEEE 2883-2022  

With this new standard, reverse logistics companies, ITADs, and enterprises now have more methods of sanitizing logical storage and physical storage in a wider range of newer data-holding assets. Also, by leveraging IEEE 2883-2022, organizations can process a larger range of device types.

Finally, when enterprises send devices to an ITAD, recycler, or reverse logistics provider for processing, they will often specify a standard; these service providers may therefore see an increase in customers asking that new IEEE data sanitization standard be used as enterprise security policies evolve. 

But what is data sanitization?  

Data sanitization ensures that all data—no matter how sensitive—can never be recovered from a data storage asset. This is imperative for drives and devices that have accessed or stored potentially sensitive data, such as personally identifiable customer information or proprietary business information. 

While some data sanitization methods physically destroy devices and render them unusable, software-based data sanitization, or data erasure, allows organizations to confidently reuse, resell, and recycle functional laptops, mobile phones, and desktop computers, including returned, end-of-first-life, end-of-lease, or end-of-contract devices, without fear that data will be compromised.  

Reverse logistics companies will want end users who send back devices to confidently know their functional devices no longer hold sensitive data. ITADs that assist enterprises with processing decommissioned end user or data center data storage devices will want the same. And, if enterprises retain data erasure in-house, they’ll want to know that their advanced drives can be safely redeployed, sold, returned, or donated without any concerns over data security.

By wiping to the new IEEE data erasure standard, each of these organizations can ensure that devices can be reused without exposing data from the previous user. Their efforts in furthering this kind of technology reuse not only yields financial benefits, but also advances environmental sustainability goals.  

Using tested, certified solutions provides confidence that your data is truly gone. Here's how to ensure IEEE‑compliant data sanitization

The Growing Need for Data Erasure—and the New IEEE Data Erasure Standard 

The amount of data continues to increase rapidly. Modern storage solutions can hold ever-increasing amounts of data, creating a cybersecurity risk. As reverse logistics companies process a growing number of more advanced devices and drives, it is imperative that all data gets successfully cleared. 

Other data sanitization recommendations and guidelines provide a starting point for managing end-of-life data on SATA, SCSI, and NVMe drives. IEEE 2883-2002 clarifies much of the confusion that often exists in data erasure guidance, allowing organizations that adhere to it to prepare devices more quickly and confidently for the next stage in their lifecycle.  

IEEE 2883-2002 adoption will gradually increase over time as the standard becomes more ingrained in data and asset lifecycle management processes. Blancco has already integrated IEEE 2883 conformance into its data erasure software in response to customer demand.

Plan today for when and how your organization will utilize this new standard to improve asset sanitization during your reverse logistics processes. 

This article has been slightly modified since its original appearance in the August 2023 issue of RL Magazine, published by the Reverse Logistics Association.

Need IEEE 2883-Compliant Data Sanitization?

Turn to Blancco for industry-leading expertise when decommissioning SATA, SCSI, and NVMe drives.

You may be interested in: