Should organizations rely solely on encryption and cryptographic erasure as a means of protecting data? In this document, we’ll discover why the answer to that question is a resounding no. The ideal way to approach data protection, and specifically data sanitization, is to implement a multi-tiered, layered approach that goes beyond encryption alone.

What is Encryption?

Encryption is the process of converting information or
data into a code to prevent unauthorized access. Encryption is completed by using an algorithm to encode the data so that it can only be deciphered with an encryption key.

What is Crypto-Erase?

What is Cryptographic Erasure (CE)?
This wiping method uses the native command to call a cryptographic erasure, which erases the encryption key. While the encrypted data remains on the storage device itself, it is effectively impossible to decrypt, rendering the data unrecoverable.

Proper implementation of Cryptographic Erasure follows a 3-step process:

1. Find and overwrite crypto keys and password
2. Verify full encryption of media
3. Create tamper-proof report

Pros, Cons & Risks

Pros

• CE can take only a few seconds to complete.
• Proper implementation can render data unrecoverable.

Cons

• Self-encrypting drives can have implementation issues.
• Keys must be stored and managed – without secure storage and management, these keys are vulnerable to attack.
• Most CE does not provide any form of verification.

Risks

• Encryption has a “use by” shelf life. As cryptography advances rapidly, algorithms that were once considered “strong” can be broken.
• If encryption is not in place (but the organization thought it was) or, it’s removed, turned off, flawed or broken, ALL of the organization’s data on the device is then accessible.
• Executive travelers can be ordered to unlock encryption on laptops when crossing sensitive borders.