What Makes Blancco’s Certificates Tamper-Proof?

Jan 17, 2023 Blog Article

Blancco issues customers tamper-proof erasure certificates that document proper data sanitization, providing regulators and auditors with an immutable record of compliance stored in a cloud-based, searchable central repository for easy access.  

Let’s see how tamper-proof certificates of erasure simplify audits and bring you peace of mind. 

David Stegon David is a technology-focused writer with more than 20 years of professional experience. A former reporter, David has written on a wide range of topics. As senior content writer at Blancco, he supports the company’s thought leadership, content marketing, and social media efforts.

Secure Digital Signatures Make Erasure Certificates Tamper-Proof

It is no longer acceptable to just destroy data. Businesses need to provide data privacy and protection regulators an official record to prove they followed industry requirements. Blancco data erasure solutions produce a tamper-proof certificate for each erasure, but what exactly does “tamper-proof” mean? 

How Our Digital Signatures Work

For every Blancco data erasure, we create an erasure certificate that is digitally signed and features a unique identifier that cannot be modified or adjusted. This ensures that your erasure certificate is valid, and that you can be sure that data has been completely and forever removed from the drive or device.

You can also provide immutable evidence to show regulatory and industry compliance: The digital signature is a hash of the report content and is unique to each report (hashes provide a one-way encryption method that adds another layer of security). This digital signature changes completely if any change is made to the report and ensures integrity and authenticity.

Learn more: Why are Data Erasure Certifications & Third-Party Validations So Important?

How Tamper-Proof Report Signatures Are Created

Signatures are created with a private key unique to the Blancco product you are using and a companion public key stored in the Blancco Management Console. These keys work together and are used to verify authenticity.

Blancco’s technology also enables you to create your own digital signature through a pair of keys. These keys can be generated using the RSA algorithm.  

This custom digital signature is supported in Blancco Drive Eraser v6.12.0 and higher.  Blancco Drive Eraser Configuration Tool v2.12.0 or higher is required to upload the private key. It can also be used to generate unique keys if need be. 

Important Steps: Meeting NCSC & NHS Guidance on Data Sanitization

Why Tamper-Proof Erasure Reports Matter

While digital signatures help render erasure certificates tamper proof, the certificates themselve report on and validate the erasure process. These reports provide details on what asset was erased, the erasure method used, what type of data was erased, and the level of erasure, along with a chain of custody of hardware. All of this information is critical to auditors who need to map erasure activity against industry and regulatory data destruction requirements.

The Blancco Management Console acts as the repository for erasure certificates and ensures an unbroken chain of custody. If even a single comma has changed on the certificate, the Blancco Management Console will detect it during report verification. As a user, you can still view the report, but you will get a notification about the change. 

How Tamper-Proof Certificates Simplify the Data Erasure Audit Process

Security and privacy requirements for organizations, including federal legislation (e.g., HIPAA), state legislation (e.g., California Privacy Rights Act), international regulation (e.g., GDPR), and industry frameworks (e.g., PCI, COBIT) require that no-longer-needed data be sanitized so that it isn’t subject to unauthorized access. If data isn’t sanitized correctly and in a timely manner, there can be significant consequences, including hefty fines, costly data breaches, damage to brand reputation, and a loss of customers. 

In addition, the very definition of proper data sanitization typically requires a certificate. The most referenced media sanitization guidance document, NIST SP 800-88, v1, for instance, requires a certificate of destruction to achieve sanitization, so a tamper-proof report is a critical element of that process.

Blancco’s reporting system provides auditors with a certified recorded history of data erasure. And, the Blancco Management Console provides permissions-based, centralized access to auditors, allowing them to easily confirm compliance.

For companies like yours, having tamper-proof erasure certificates provides an extra layer of security. You know with confidence that your data is completely unrecoverable, and that the reports you provide to auditors are fully accurate, ensuring seamless compliance and greater peace of mind.


Target Files & Folders with Blancco File Eraser

Securely erase sensitive files and folders and free disk space from PC desktop computers, laptops,  and servers—either manually or automatically.

Learn how with our short video.

You may be interested in: