New Government IT Disposal Procedures Improve Data Security

Following the loss of 18 hard drives destined for scrap, one local government revised its IT asset disposal procedures to protect against future data leaks. In doing so, they overcame several drawbacks to relying only on physical destruction methods to achieve data sanitization.

Vivian Cullipher Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s communications and content manager, she supports the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.

Local Government Takes Data Protection Leadership Role with “Erase First” Mandate

Government agencies are constant targets of data breaches, including when storage devices reach the end of their useful life. But in some instances, a breach leads to much stronger data protection policies.

That’s the case in Japan, where one local government is leading the way in how it protects information on no-longer-needed data storage equipment. The government’s approach requires software-based data erasure whenever devices are to be retired, whether the devices are being returned to a lessor, reused internally or externally or slated for physical destruction.

3 Ways Physical Destruction of IT Assets Leaves Government Data Vulnerable

Many government entities physically shred or mutilate used data storage drives and devices (such as PCs or laptops) to keep data from being accessed by unauthorized users. Depending on the device type and degree of physical destruction, this can be effective. But there are several potential areas of concern along the way, all of which put government data at risk of being leaked to unauthorized parties.

Ineffective data removal practices provide a false sense of security.

Organizations often attempt to eliminate data from their end-of-life hardware before sending it to an IT asset disposition (ITAD) provider or recycler for physical destruction. Unfortunately, our research shows that over a third of all organizations use inappropriate methods such as formatting, overwriting with free tools or other ineffective data removal methods.

This often means data remains on the devices without the government agency knowing. This data can be easily recovered with forensic tools after it leaves the agency’s protected environment.

Manual physical destruction procedures leave room for tampering.

While there are highly reputable vendors that provide drive and device destruction services, the physical destruction process has vulnerabilities. Equipment must be accounted for at every step, starting with an organization’s precise inventory of the units to be destroyed. After that, the vendor must provide careful oversight during transport, 24/7 secure storage and destruction confirmation for every data storage device.

That can be harder than it seems:

• Most physical destruction processes can’t efficiently track serial numbers throughout the disposal process – Physical destruction is time-consuming and often manual, particularly when tracking the sanitization of thousands of devices. The disposal vendor may photograph devices and note serial numbers as “proof” of destruction, but once the device has gone through a shredder (for instance), unreadable serial numbers fail to guarantee that the drive photographed at the beginning truly ended up in the shred bin at the end.
• Large projects discourage confirming every destruction – Because there is typically no digital tracking of a device from start to finish, checking the list of hundreds or even thousands of items against the original inventory must be done by hand. Because the original and final manifests aren’t always compared line by line, but merely sampled, intact devices can leave the facility undetected.

Physical destruction can leave confidential data intact.

Physical destruction methods must match the drive type to ensure that data is irrecoverable. Some methods that may work for hard disk drives (HDDs) with magnetic platters could be completely inadequate for flash-based solid-state drives (SSDs).

To overcome this, organizations must either sort devices and apply different destruction methods to each type of device or use specialized equipment for more aggressive methods—such as shredding devices to no larger than 2 mm—on all IT assets. Otherwise, a larger shred size can leave whole SSD chips intact or, in the case of degaussing, completely unaffected.

Better Data Protection for Government: Erase Data First, Onsite and Under Supervision

In a decisive response to the loss of 18 hard drives intended for physical destruction, the Kanagawa Prefectural Government revisited its IT asset disposal procedures to overcome these challenges. In its “Measures to Prevent Information Leakage from IT Equipment Used to Store Prefectural Information (Japanese, PDF),” the prefecture included several important measures to protect its used storage assets:

1. All equipment must be erased before reuse or destruction. Before sending IT assets to their next destination, prefecture staff—not a contractor—must first erase all drives and devices onsite at end-of-life.
   • For non-confidential systems, drives and IT equipment may be reused after software-based data erasure. Leased equipment is not only erased by the prefecture, but also again by the lessor.
   • Drives from confidential systems cannot be reused. They must first be erased with approved software before they are destroyed by a professional, third-party company.
   • The only exception to software-based data erasure is for HDD-based servers, which may be degaussed if mechanical failures, defective drives or other similar instances prevent successful erasure. But these must be destroyed after degaussing, simply because degaussing cannot fully verify that complete data destruction has taken place.
   • Mobile devices are also to be erased according to NIST SP 800-88 crypto erase requirements.
2. Erase data assets onsite. In all cases, erasure, degaussing and destruction must be conducted onsite, and erasure must be conducted by prefecture staff.
3. Erase data under supervision. Two or more prefecture staff must oversee and verify all erasure and destruction procedures, including photographing devices and cross-checking documentation of all devices by serial number.

In each case, neither free software nor non-certified products are an option. Instead, the data erasure software used must be tested and certified either internally or externally by a professional, third-party company.

Furthermore, effective software-based data erasure must:

• overwrite all data on the drives completely at least once (or only once, in line with NIST SP 800-88 recommendations)
• verify and record each overwrite
• provide a certificate of erasure for each device

Software-Based Data Erasure Protects Government Data

By incorporating quality, software-based data erasure firmly into its disposal policies and keeping the processes onsite, the Kanagawa Prefectural Government prevents data from being recovered from retired devices whether they are used again or are destroyed. This adds a secure layer of data protection on behalf of its citizens: Even if a device is somehow misplaced or stolen, all data has already been removed.

In addition, by requiring government oversight at each step, the prefecture has virtually eliminated chain of custody issues that may lead to assets being lost or stolen. The prefecture also uses data erasure software that integrates with their internal IT asset management system. This enables the prefecture to easily track every device along the erasure process. The software automatically generates an audit-ready report, which is protected by a digital signature and provides a tamper-proof audit trail—something that’s just not fully possible in some areas with physical destruction.

Finally, because data erasure eliminates access to previously stored data without destroying the device, they now have the option of confidently reusing devices without accidentally sharing sensitive information.

In each of these areas, the prefecture has adopted a high standard for protecting citizen data.

How Blancco Provides Government with Secure Data Destruction

Blancco offers highly secure and efficient software-based data erasure for government drives, PCs, servers, mobile devices and more. Our solutions comply with 25+ global industry data erasure standards and have been tested, certified, approved and recommended by 15+ governing bodies and leading organizations around the world. For end-to-end oversight of the erasure process, government agencies can also connect existing asset management solutions through our API integration for streamlined, tamper-proof reporting and equipment tracking.

All of this empowers public-sector organizations to ensure complete data protection.

Get Your Free Enterprise Data Erasure Trial for Government

Find out how we can help your government organization secure the data on end-of-life devices before reusing or physically destroying them. Request your free enterprise data erasure trial today.