Data Erasure FAQs for the U.S. Public Sector

Blancco has been helping government organizations across the globe reduce risk for over twenty years. As the leader in data erasure software, our solutions are proven to be the most secure and effective on the market. Read on for a list of some of the common questions we receive from U.S. public sector, then reach out to us for additional information on how we can help you improve data security across your organization.

Which is more secure – physical destruction or data erasure?

While physical destruction is required for many government organizations, newer drive technology presents additional variables that need to be considered to mitigate risk. While degaussing is the cheapest and easiest form of physical destruction for HDDs, it is incapable of removing data on SSDs or NVMes. Degaussing destroys data by reducing or eliminating the unwanted magnetic fields and rendering the drive unusable. Flash-based storage such as SSDs or NVMes are incapable of being degaussed because their data is not stored magnetically.

As NIST explains, “Destructive techniques for some media types may become more difficult or impossible to apply in the future. Traditional techniques such as degaussing (for magnetic media) become more complicated as magnetic media evolves, because some emerging variations of magnetic recording technologies incorporate media with higher coercivity (magnetic force). As a result, existing degaussers may not have sufficient force to effectively degauss such media.”

Physically shredding flash storage presents security challenges, as the density of data per drive is progressively increasing while the drive size is decreasing. Typically, a shred width of 1/2″ or smaller is needed to break through the small memory chips and securely remove the data. Most standard industrial shredders will only shred to 1″ particle size—leaving data behind and available for hackers to restore with the right means.

Again, as NIST explains, “Applying destructive techniques to electronic storage media (e.g., flash memory) is also becoming more challenging, as the necessary particle size for commonly applied grinding techniques goes down proportionally to any increases in flash memory storage density. Flash memory chips already present challenges with occasional damage to grinders due to the hardness of the component materials, and this problem will get worse as grinders attempt to grind the chips into even smaller pieces.”

Security throughout the full chain of custody can also be an issue. Tracking an asset at every step of its end-of-life journey (including during transportation to an off-site facility), is of the utmost importance. Sanitizing data onsite mitigates this risk, while also providing a full audit trail prior to destruction.

During the lifecycle of data, there are numerous levels of security to protect the integrity of that data (firewalls, encryption, etc). We take the same approach at the end-of-life or end-of-lifecycle by adding an additional layer of security by combining secure erasure and physical destruction in tandem, if physical destruction is required by regulation. That way, you’re adding an extra layer of secure protection to assets before they meet their demise.

How does secure data erasure result in monetary savings?

The average lifespan of a laptop is around four years, meaning 25 percent+ of an organization’s laptops are reaching end-of-life every year. Physically destroying valuable laptops, PCs, mobile phones and other IT assets not only comes with security risk (and a cost)—but also doesn’t give local public sector organizations the opportunity to erase and reuse those assets internally (saving money) or donate them to local schools in need. Simply storing assets with private data isn’t a great idea, either, as it can lead to sensitive data leaks. Data erasure is the only way to guarantee data sanitization across your IT assets with the confidence to reuse, resell or recycle them. And with Blancco’s scalable, plug-and-play solution, you won’t need to spend a lot of time or money on training employees.

How many overwrites are required for secure erasure?

Multiple overwrites are not necessary today, thanks to advances in technology. The common DoD standard does not account for newer technologies (such as SSDs) and recommends a three-pass method. However, the more recent NIST standard is now the go-to standard for the industry, as it takes newer technologies into account and has essentially replaced DoD requirements. This standard recommends a single, secure overwrite. Blancco offers both of these standards, along with 20+ others, allowing organizations the ability to choose the most effective, efficient method for their specific needs.

Download the Solution Brief.