Home » Resources » [Overview] When Are Encryption and Cryptographic Erasure Not Enough?

[Overview] When Are Encryption and Cryptographic Erasure Not Enough?

Should organizations rely solely on encryption and cryptographic erasure as a means of protecting data? In this document, we’ll discover why the answer to that question is a resounding no. The ideal way to approach data protection, and specifically data sanitization, is to implement a multi-tiered, layered approach that goes beyond encryption alone.

Ask Yourself: “Can we rely 100% on data encryption to protect our data, brand and reputation?” Download Best Practice

What is Encryption?

Encryption is the process of converting information or data into a code to prevent unauthorized access. Encryption is completed by using an algorithm to encode the data so that it can only be deciphered with an encryption key.

What is Crypto-Erase?

What is Cryptographic Erasure (CE)?
This wiping method uses the native command to call a cryptographic erasure, which erases the encryption key. While the encrypted data remains on the storage device itself, it is effectively impossible to decrypt, rendering the data unrecoverable.

Proper implementation of Cryptographic Erasure follows a 3-step process:

Find and overwrite crypto keys and password
Verify full encryption of media
Create tamper-proof report

Pros, Cons & Risks

Pros

CE can take only a few seconds to complete.
Proper implementation can render data unrecoverable.

Cons

Self-encrypting drives can have implementation issues.
Keys must be stored and managed – without secure storage and management, these keys are vulnerable to attack.
Most CE does not provide any form of verification.

Risks

Encryption has a “use by” shelf life. As cryptography advances rapidly, algorithms that were once considered “strong” can be broken.
If encryption is not in place (but the organization thought it was) or, it’s removed, turned off, flawed or broken, ALL of the organization’s data on the device is then accessible.
Executive travelers can be ordered to unlock encryption on laptops when crossing sensitive borders.

Download Best Practice.

You may be interested in:

Rethink Your Mobile Device Processing for a Lower Cost per Unit

Should You Invest in Data Destruction Software?

A Comprehensive List of Data Wiping & Erasure Standards

Governments, industry organizations, and standards bodies around the world have created a range of guidelines for securely eliminating data from data storage assets like drives and computers. Here’s a summary of them, including NIST Clear…

Laptop & Desktop Erasure for Enterprise

Data Center

Cloud Migration

Storage & Loose Drives

Diagnostics & Erasure

Mobile – Buy-Back/Trade-In

Mobile Insurance

Fault Management

Storage

Laptop & Desktop Erasure for ITAD

Loose Drives

Server