Home » Resources » [Overview] When Are Encryption and Cryptographic Erasure Not Enough?

[Overview] When Are Encryption and Cryptographic Erasure Not Enough?

Download Best Practice

Should organizations rely solely on encryption and cryptographic erasure as a means of protecting data? In this document, we’ll discover why the answer to that question is a resounding no. The ideal way to approach data protection, and specifically data sanitization, is to implement a multi-tiered, layered approach that goes beyond encryption alone.

What is Encryption?

Encryption is the process of converting information or data into a code to prevent unauthorized access. Encryption is completed by using an algorithm to encode the data so that it can only be deciphered with an encryption key.

What is Crypto-Erase?

What is Cryptographic Erasure (CE)?
This wiping method uses the native command to call a cryptographic erasure, which erases the encryption key. While the encrypted data remains on the storage device itself, it is effectively impossible to decrypt, rendering the data unrecoverable.

Proper implementation of Cryptographic Erasure follows a 3-step process:

1. Find and overwrite crypto keys and password
2. Verify full encryption of media
3. Create tamper-proof report

Pros, Cons & Risks

Pros

• CE can take only a few seconds to complete.
• Proper implementation can render data unrecoverable.

Cons

• Self-encrypting drives can have implementation issues.
• Keys must be stored and managed – without secure storage and management, these keys are vulnerable to attack.
• Most CE does not provide any form of verification.

Risks

• Encryption has a “use by” shelf life. As cryptography advances rapidly, algorithms that were once considered “strong” can be broken.
• If encryption is not in place (but the organization thought it was) or, it’s removed, turned off, flawed or broken, ALL of the organization’s data on the device is then accessible.
• Executive travelers can be ordered to unlock encryption on laptops when crossing sensitive borders.

Download Best Practice.

You may be interested in:

Everything You Need to Know About the DoD 5220.22-M Disk Wiping Standard & Its Applications Today

Driving Customer Loyalty with Enhanced Reverse and Value-Added Services

The Growing Mobile Device Insurance Market: How Insurers Can Develop New Opportunities

Enterprise Mobile Management