The IDSC’s Guide to Data Sanitization Terminology

Aug 10, 2017 Blog Article

This week marks the launch of the International Data Sanitization Consortium, a group of analysts, software vendors, hardware manufacturers, IT asset disposition companies and enterprise organizations dedicated to creating and distributing data sanitization best practices, to eliminate ambiguity around data sanitization terminolgy and to influence data sanitization standards and guidelines. IDSC Founding Members Include: Information Governance Initiative   […]

Richard Stiennon - Blancco Contributor

Richard Stiennon Security executive Richard Stiennon has previously held roles such as Chief Strategy Officer of Blancco Technology Group from 2016-2017 and Vice President of Research at Gartner Inc. from 2000 to 2004. Currently, Richard is a cyber security lecturer at Charles Sturt University in Australia and a strategic advisory member of the International Data Sanitization Consortium. His book, There Will Be Cyberwar, was named a Washington Post bestseller in April 2016. Richard is regularly featured in news publications such as Forbes, Dark Reading, Infosecurity Magazine, Network World and BetaNews, where he comments on data governance, data management, and cyber security.

The Inaugural Launch of the International Data Sanitization Consortium

This week marks the launch of the International Data Sanitization Consortium, a group of analysts, software vendors, hardware manufacturers, IT asset disposition companies and enterprise organizations dedicated to creating and distributing data sanitization best practices, to eliminate ambiguity around data sanitization terminolgy and to influence data sanitization standards and guidelines.

IDSC Founding Members Include:

Information Governance Initiative                            Barclay Blair

Information Security & Forensics Expert               Paul Henry

Blancco Technology Group                                        Richard Stiennon

Ingram Micro ITAD                                                         Rohini Khanduri

Kroll Ontrack LLC                                                           Henrik Andersen

Morgan Privacy Consulting                                         David Morgan

Financial Industry Veteran                                           Craig L. Koon

Consulting/Technology Industry Veteran              Steve Martin

It’s time for the mature industry of media sanitization, which has long focused on end-of-life destruction, to turn its sights to sanitization across the full data lifecycle and to target data wherever it may live—on IT assets, in the cloud or in a data center.

Data Sanitization Terminology

One of the IDSC’s primary objectives is building consensus around terminology and definitions for data erasure, data lifecycle management, data security lifecycle, and data sanitization, among other terms.

The IDSC defines data sanitization as “…[t]he process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device, or the data, that has been sanitized has no usable residual data. Even with the assistance of advanced forensic tools, the data will never be recovered. There are three methods to achieve data sanitization: physical destruction, cryptographic erasure and data erasure.”

This definition was heavily influenced by respected data sanitization experts at Gartner.

In 2019, a variation of this definition was adopted by Gartner in three of their Hype Cycle Reports, and carried through to later versions. See: Data Sanitization Climbs “Slope of Enlightenment” on Gartner Hype Cycle

Some other terminology worth mentioning includes:

Information Lifecycle Management

Information lifecycle management (ILM) is a comprehensive approach to managing the flow of an information system’s data and associated metadata from creation and initial storage to the time when it becomes obsolete and is destroyed.

When ILM is implemented, there are automated processes to classify data into tiers according to policies, automating the migration of data from one tier to another based on the criteria within the policies.

Lifecycle Stages:

Differentiating between Information Lifecycle Management & Data Lifecycle Management

Data lifecycle management (DLM) is often used interchangeably with information lifecycle management (ILM). However, products that support DLM manage general attributes of files (i.e. type, size and age), whereas ILM goes beyond these general attributes to search for various types of stored files (i.e. specific piece of data, such as a customer number).

The distinction between ILM and DLM is important as EU General Data Protection Regulation: Right to be Forgotten comes into effect in May 2018, and customers are able to request their information to be erased upon request with proof. More companies will need to understand the technology that supports ILM to comply with this regulation.

Data Security Lifecycle (DSL)

The data security lifecycle (DSL) and information lifecycle management (ILM) differ based on the needs of the audience (security vs. operations). The lifecycle includes six phases from creation to destruction. Although it is shown as a linear progression, once created, data can bounce between phases without restriction, and may not pass through all stages. This is a summary of the lifecycle, and a complete version is available here.

Stages for Data Security Lifecycle

Create: Classify the information and determine appropriate rights, usually performed by technology or default classification and rights applied based on point of origin.

Store: Map the classification and rights to security controls, including access controls, encryption and rights management. Include certain database controls like labeling in rights management – not just DRM. Controls at this stage also apply to managing content in storage repositories, such as using content discovery to ensure that data is in approved/appropriate repositories.

Use: Include both detective controls like activity monitoring and preventative controls like rights management. Logical controls are typically applied in databases and applications.

Share: Include a mix of detective and preventative controls, such as DLP/CMF/CMP and encryption for secure exchange of data, as well as logical controls and application security.

Archive: Use a combination of encryption and asset management to protect the data and ensure its availability.

Destroy: Use an effective data sanitization method to deliberately, permanently and irreversibly remove or destroy the data. This process involves going back through the archive, storage and sharing locations of that data (where the data ‘has’ been located) to permanently make it unrecoverable.

Need to destroy excess, outdated, trivial, or end-of-life data? You have some options, and some are better than others: Should You Invest in Data Destruction Software?

Data Hygiene

Data hygiene is the process of ensuring all incorrect, duplicate or unused data is properly classified and migrated into the appropriate lifecycle stage for storage, archival or destruction on an ongoing basis through automated policy enforcement. By following data hygiene best practices, organizations can effectively manage ‘where’ their data is throughout the lifecycle and reduce the amount of data they store by successfully destroying the data to mitigate risks.

Physical Destruction

The process of shredding hard drives, smartphones, printers, laptops and other storage media into tiny pieces by large mechanical shredders or using degaussers.


Degaussing is a form of physical destruction whereby data is exposed to the powerful magnetic field of a degausser and neutralized, rendering the data unrecoverable. Degaussing can only be achieved on hard disk drives (HDDs) and most tapes, but the drives or tapes cannot be re-used upon completion. Degaussing is not an effective method of data sanitization on solid state drives (SSDs).

Pros & Cons of Physical Destruction

Physical destruction is an effective method of destroying data to render the data unrecoverable and achieve data sanitization. Physical destruction can be harmful to the environment and destroys the assets so they are unable to be reused or resold.

Cryptographic Erasure (Crypto Erase)

Cryptographic erasure is used interchangeably with Crypto Erase. Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data. The encryption algorithm must be at a minimum of 128 bits (go here for industry-tested and accepted algorithms). While the data remains on the storage device itself, by erasing the original key, the data is effectively impossible to decrypt. As a result, the data is rendered unrecoverable and is an appropriate method to achieve data sanitization.

3 Steps to Achieve Cryptographic Erasure:

  1. The encryption on the storage device must be turned on by default and provide access to the API call to the storage device to remove the key, which allows cryptographic erasure to be supported.
  2. Cryptographic erasure must verify the encryption key has removed the old key and replace with a new key, rendering the data encrypted and the previous key unrecoverable.
  3. The cryptographic erasure software must produce a tamper-proof certificate containing information that the key has been successfully removed, along with data about the device and standard used.

Pros and Cons of Cryptographic Erasure

Cryptographic erasure is a quick and effective method to achieve data sanitization. It is best used when storage devices are in transit or for storage devices that contain information that is not sensitive. Cryptographic erasure relies heavily on the manufacturer where implementation issues could occur. The users also could impact the success of cryptographic erasure through broken keys and human errors. But most importantly, cryptographic erasure still allows for the data to remain on the storage device and often does not achieve the regulatory compliance requirements.

Data Erasure

Data erasure is the software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization.

To Achieve Data Erasure, the Software Must:

  1. Allow for selection of a specific standard, based on your industry and organization’s unique needs.
  2. Verify the overwriting methodology has been successful and removed data across the entire device, or target data (if specifically called).
  3. Produce a tamper-proof certificate containing information that the erasure has been successful and written to all sectors of the device, along with data about the device and standard used.

Block erase can be a feature, but is often used interchangeably with data erasure. Block erase is the ability for vendor software to target the logical block addresses, including those that are not currently mapped to active addresses, on the storage device to erase all data on the device. However, if the block erase software does not provide for the 3 steps noted in the data erasure definition, it does not achieve data sanitization.

Pros and Cons of Data Erasure

Data erasure is the highest form of securing data within data sanitization, due to the validation process for ensuring the data was successfully overwritten and the auditable reporting readily available. Data erasure also supports environmental initiatives, while allowing organizations to retain the resale value of the storage devices. Data erasure, however, is a timelier process than other forms of data sanitization. And, data erasure forces organizations to develop policies and processes for all data storage devices within an organization.

Think all data destruction methods achieve the same thing? Think again. Which Common Data Sanitization Myths Do You Believe? Part I of II

Incomplete Data Sanitization Methods

Data sanitization methods have been proven to render the data on the appropriate storage devices unrecoverable. But, many other terms are often used interchangeably, which result in incomplete data sanitization.

Example: If a file is deleted and the recycle bin is emptied, the pointers to the data are removed, but the data itself is recoverable.

Data clearing provides many options, depending on the storage device where the data is contained, including returning a device to a factory state by deleting the file pointers. Data clearing is effectively achieved if the device interface does not allow users to retrieve the data that has been cleared. For most organizations, this loose definition is often used interchangeably within data sanitization; however, it does not achieve the requirements outlined in the definition.

Data purging provides many options to achieve this state, depending on the storage device where the data is contained, including cryptographic erasure, physical destruction and data erasure. Unfortunately, the term has been opened to improper forms using ambiguous language like ‘forms include’, instead of ‘must include’, which prevent organizations from achieving data sanitization. However, if the method used does not contain validation and proof through an auditable certificate, data purging will not achieve data sanitization.

To learn more about the IDSC’s goals and initiatives, visit