Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » The IDSC’s Guide to Data Sanitization Terminology
This week marks the launch of the International Data Sanitization Consortium, a group of analysts, software vendors, hardware manufacturers, IT asset disposition companies and enterprise organizations dedicated to creating and distributing data sanitization best practices, to eliminate ambiguity around data sanitization terminolgy and to influence data sanitization standards and guidelines. IDSC Founding Members Include: Information Governance Initiative […]
Security executive Richard Stiennon has previously held roles such as Chief Strategy Officer of Blancco Technology Group from 2016-2017 and Vice President of Research at Gartner Inc. from 2000 to 2004. Currently, Richard is a cyber security lecturer at Charles Sturt University in Australia and a strategic advisory member of the International Data Sanitization Consortium. His book, There Will Be Cyberwar, was named a Washington Post bestseller in April 2016. Richard is regularly featured in news publications such as Forbes, Dark Reading, Infosecurity Magazine, Network World and BetaNews, where he comments on data governance, data management, and cyber security.
This week marks the launch of the International Data Sanitization Consortium, a group of analysts, software vendors, hardware manufacturers, IT asset disposition companies and enterprise organizations dedicated to creating and distributing data sanitization best practices, to eliminate ambiguity around data sanitization terminolgy and to influence data sanitization standards and guidelines.
IDSC Founding Members Include:
Information Governance Initiative Barclay Blair
Information Security & Forensics Expert Paul Henry
Blancco Technology Group Richard Stiennon
Ingram Micro ITAD Rohini Khanduri
Kroll Ontrack LLC Henrik Andersen
Morgan Privacy Consulting David Morgan
Financial Industry Veteran Craig L. Koon
Consulting/Technology Industry Veteran Steve Martin
Blancco’s Chief Strategy Officer Richard Stiennon is Director of the organization. When asked the importance of the IDSC, he replied: “It’s time for the mature industry of media sanitization, which has long focused on end-of-life destruction, to turn its sights to sanitization across the full data lifecycle and to target data wherever it may live—on IT assets, in the cloud or in a data center.”
One of the IDSC’s primary objectives is building consensus around terminology and definitions for data erasure, data lifecycle management, data security lifecycle and data sanitization, among other terms.
The IDSC defines data sanitization as “…[t]he process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device, or the data, that has been sanitized has no usable residual data. Even with the assistance of advanced forensic tools, the data will never be recovered. There are three methods to achieve data sanitization: physical destruction, cryptographic erasure and data erasure.” This definition was heavily influenced by respected data sanitization experts at Gartner. [Update: In 2019, a variation of this definition has also been adopted by Gartner in three of their Hype Cycle Reports. See “Data Sanitization Enters “Slope of Enlightenment” on Gartner Hype Cycle.”]
Some other terminology worth mentioning includes:
Information lifecycle management (ILM) is a comprehensive approach to managing the flow of an information system’s data and associated metadata from creation and initial storage to the time when it becomes obsolete and is destroyed.
When ILM is implemented, there are automated processes to classify data into tiers according to policies, automating the migration of data from one tier to another based on the criteria within the policies.
Data lifecycle management (DLM) is often used interchangeably with information lifecycle management (ILM). However, products that support DLM manage general attributes of files (i.e. type, size and age), whereas ILM goes beyond these general attributes to search for various types of stored files (i.e. specific piece of data, such as a customer number).
The distinction between ILM and DLM is important as EU General Data Protection Regulation: Right to be Forgotten comes into effect in May 2018, and customers are able to request their information to be erased upon request with proof. More companies will need to understand the technology that supports ILM to comply with this regulation.
The data security lifecycle (DSL) and information lifecycle management (ILM) differ based on the needs of the audience (security vs. operations). The lifecycle includes six phases from creation to destruction. Although it is shown as a linear progression, once created, data can bounce between phases without restriction, and may not pass through all stages. This is a summary of the lifecycle, and a complete version is available here.
Create: Classify the information and determine appropriate rights, usually performed by technology or default classification and rights applied based on point of origin.
Store: Map the classification and rights to security controls, including access controls, encryption and rights management. Include certain database controls like labeling in rights management – not just DRM. Controls at this stage also apply to managing content in storage repositories, such as using content discovery to ensure that data is in approved/appropriate repositories.
Use: Include both detective controls like activity monitoring and preventative controls like rights management. Logical controls are typically applied in databases and applications.
Share: Include a mix of detective and preventative controls, such as DLP/CMF/CMP and encryption for secure exchange of data, as well as logical controls and application security.
Archive: Use a combination of encryption and asset management to protect the data and ensure its availability.
Destroy: Use an effective data sanitization method to deliberately, permanently and irreversibly remove or destroy the data. This process involves going back through the archive, storage and sharing locations of that data (where the data ‘has’ been located) to permanently make it unrecoverable.
Data hygiene is the process of ensuring all incorrect, duplicate or unused data is properly classified and migrated into the appropriate lifecycle stage for storage, archival or destruction on an ongoing basis through automated policy enforcement. By following data hygiene best practices, organizations can effectively manage ‘where’ their data is throughout the lifecycle and reduce the amount of data they store by successfully destroying the data to mitigate risks.
The process of shredding hard drives, smartphones, printers, laptops and other storage media into tiny pieces by large mechanical shredders or using degaussers.
Degaussing is a form of physical destruction whereby data is exposed to the powerful magnetic field of a degausser and neutralized, rendering the data unrecoverable. Degaussing can only be achieved on hard disk drives (HDDs) and most tapes, but the drives or tapes cannot be re-used upon completion. Degaussing is not an effective method of data sanitization on solid state drives (SSDs).
Physical destruction is an effective method of destroying data to render the data unrecoverable and achieve data sanitization. Physical destruction can be harmful to the environment and destroys the assets so they are unable to be reused or resold.
Cryptographic erasure is used interchangeably with Crypto Erase. Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data. The encryption algorithm must be at a minimum of 128 bits (go here for industry-tested and accepted algorithms). While the data remains on the storage device itself, by erasing the original key, the data is effectively impossible to decrypt. As a result, the data is rendered unrecoverable and is an appropriate method to achieve data sanitization.
3 Steps to Achieve Cryptographic Erasure:
Cryptographic erasure is a quick and effective method to achieve data sanitization. It is best used when storage devices are in transit or for storage devices that contain information that is not sensitive. Cryptographic erasure relies heavily on the manufacturer where implementation issues could occur. The users also could impact the success of cryptographic erasure through broken keys and human errors. But most importantly, cryptographic erasure still allows for the data to remain on the storage device and often does not achieve the regulatory compliance requirements.
Data erasure is the software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization.
To Achieve Data Erasure, the Software Must:
Block erase can be a feature, but is often used interchangeably with data erasure. Block erase is the ability for vendor software to target the logical block addresses, including those that are not currently mapped to active addresses, on the storage device to erase all data on the device. However, if the block erase software does not provide for the 3 steps noted in the data erasure definition, it does not achieve data sanitization.
Data erasure is the highest form of securing data within data sanitization, due to the validation process for ensuring the data was successfully overwritten and the auditable reporting readily available. Data erasure also supports environmental initiatives, while allowing organizations to retain the resale value of the storage devices. Data erasure, however, is a timelier process than other forms of data sanitization. And, data erasure forces organizations to develop policies and processes for all data storage devices within an organization.
Data sanitization methods have been proven to render the data on the appropriate storage devices unrecoverable. But, many other terms are often used interchangeably, which result in incomplete data sanitization.
Example: If a file is deleted and the recycle bin is emptied, the pointers to the data are removed, but the data itself is recoverable.
Data clearing provides many options, depending on the storage device where the data is contained, including returning a device to a factory state by deleting the file pointers. Data clearing is effectively achieved if the device interface does not allow users to retrieve the data that has been cleared. For most organizations, this loose definition is often used interchangeably within data sanitization; however, it does not achieve the requirements outlined in the definition.
Data purging provides many options to achieve this state, depending on the storage device where the data is contained, including cryptographic erasure, physical destruction and data erasure. Unfortunately, the term has been opened to improper forms using ambiguous language like ‘forms include’, instead of ‘must include’, which prevent organizations from achieving data sanitization. However, if the method used does not contain validation and proof through an auditable certificate, data purging will not achieve data sanitization.
To learn more about the IDSC’s goals and initiatives, visit www.datasanitization.org.