Data Deletion and Wiping may look similar, but should not be confused. Deleting Data leaves Data recoverable, while wiping Data is permanent. This is especially important for companies, since confusing these terms can lead to significant problems.
There is a lot of confusion surrounding the definition of Data wiping. The main problem comes from thinking that formatting and the "Delete" button are safe Wiping methods. They are not!
Despite this, the vast majority of organizations believe that these are the appropriate methods, which can expose their sensitive Data to a potential Data breach.
More Data than ever
Organizations create, store and send more Data than ever. In 2018, the global Data volume was 33 zettabytes (ZB). IDC predicts that by 2025 that number will reach 175 zettabytes of Data worldwide. While corporate Data is of great value, it also carries great risks. The more Data your organization manages, the greater the risk of exposing it.
What are the types of Data that exist?
· Customer Data - This includes personally identifiable information (PII). Customer Data allows you to identify a specific person by name, address, account numbers, financial details, and Social Security number. It also covers protected health information (PHI), such as medical records or associated payment Data.
· Employee Data - The same type of Data as customer Data, but also includes salary and performance reviews.
· Corporate Data - This may include intellectual property, research and development Data, marketing information, merger and acquisition information, financial results, internal communications, and operational information.
Data for sale
The dangers of confusing deletion with wiping became apparent during one of our recent studies. In conjunction with Blancco Technologies, we purchased 159 second-hand drives (a mix of HDD and SSD) from eBay and Amazon to analyze the residual Data.
We found sensitive residual Data in 42% of the devices, and 15% contained PII. This means that out of every 20 units tested, at least 3 contained PII.
Some examples of the PII found:
· A drive from a software developer with a high level of government security clearance.
· Scanned images of family passports and birth certificates, CVs and financial records.
· College student documentation and associated email addresses.
· 5GB of archived internal emails from a major travel company.
· 3GB of Data from a freight / transport company, along with documents regarding shipment details, schedules and truck records.
· Commercial information for a music store, with 32,000 photos.
· School documentation, including photos and documents of the names and grades of the students.
One of the significant conclusions of the study is that every seller of the drives stated that appropriate Data sanitization methods had been applied, ensuring that the drives did not contain any Data. The results indicate that this did not happen, and this is significant: while individuals recognize the importance of erasing Data, the methods used are inadequate.
Formatting and deletion
Formatting
A common misunderstanding is thinking that formatting a drive is a safe way to erase Data. It is certainly more reliable than simply deleting the files, but a format only makes the operating system mark the area as deleted, so that it can be overwritten later. You won't be able to see any Data on the screen, but it will still be there, available to be retrieved.
Recycle Bin
Another disposal method that is often mistaken for a way to erase Data is using a computer's recycle bin. Any file sent to the recycle bin, even after emptying the bin, is not deleted, but continues to exist on the drive. The files are hidden, but most Data recovery programs can quickly recover these files.
Data Wiping software
Data Wiping software permanently removes Data from IT assets such as computers, hard drives, servers, Data center equipment, and smartphones. Using effective Data Wiping software will allow your organization to reuse, resell or recycle all its storage devices safely.
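The difference between deleting, formatting and wiping described above, shown as an added example that is not part of the original article. ToyVolume, residual_report and the file contents are constructed for illustration: a toy in-memory volume and a verification pass that inspects the raw blocks instead of the file listing.

```python
BLOCK = 512
SIGNATURES = {b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg", b"PK\x03\x04": "zip"}

class ToyVolume:
    """Hypothetical minimal volume: a file table (name -> blocks) over raw blocks."""
    def __init__(self, blocks=64):
        self.raw = bytearray(blocks * BLOCK)  # what is physically on the medium
        self.table = {}                       # what the operating system shows
        self.free = list(range(blocks))

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            used.append(b)
        self.table[name] = used

    def delete(self, name):
        # "Delete" or an emptied recycle bin: blocks are only marked reusable
        self.free.extend(self.table.pop(name))

    def quick_format(self):
        # Format: a fresh, empty table; block contents are left untouched
        self.table = {}
        self.free = list(range(len(self.raw) // BLOCK))

    def wipe(self, pattern=0x00):
        # Wiping: every block is overwritten, then the table is reset
        self.raw[:] = bytes([pattern]) * len(self.raw)
        self.quick_format()

def residual_report(raw, pattern=0x00):
    """Verification pass: blocks that differ from the wipe pattern, file headers found."""
    data, clean = bytes(raw), bytes([pattern]) * BLOCK
    dirty = sum(data[i:i + BLOCK] != clean for i in range(0, len(data), BLOCK))
    found = sorted(kind for sig, kind in SIGNATURES.items() if sig in data)
    return {"dirty_blocks": dirty, "signatures": found}

def demo():
    """Run delete, format and wipe in turn; record visible files and raw residue."""
    vol, stages = ToyVolume(), {}
    vol.write("passport_scan.jpg", b"\xff\xd8\xff" + b"constructed image bytes" * 40)
    vol.write("payroll.pdf", b"%PDF-1.4 constructed salary table " * 20)
    steps = [("delete", lambda: vol.delete("payroll.pdf")),
             ("format", vol.quick_format), ("wipe", vol.wipe)]
    for stage, action in steps:
        action()
        stages[stage] = (sorted(vol.table), residual_report(vol.raw))
    return stages

if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

After "delete" and "format" the file listing shrinks to nothing while the raw blocks and file headers are unchanged; only after "wipe" does the verification pass come back clean.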
Demagnetizers
A degausser is a total Data destruction solution for magnetic media. By generating a peak field of 18,000 gauss, the degausser erases 100% of the Data from a device in a matter of seconds. This powerful electromagnetic field exceeds the different oersted levels of the different magnetic media and the gauss levels recommended by each manufacturer, which guarantees a complete destruction of the device Data.
Shredders are an effective and safe method of destroying HDDs, SSDs, smartphones and mini-tablets. Each shredder reduces the devices to tiny fragments, rendering them completely unusable. Being certified to the highest level, shredders are an efficient option for the rapid and reliable destruction of certain storage media.
Ensuring that an organization has the correct Data Wiping standards is one thing, but for those in highly regulated industries, certified Data destruction is essential. Data Wiping certifications and Data Wiping standards are not the same. Data Wiping standards refer to the way a device is sanitized and are defined by government agencies. Any organization can follow these guidelines, but this does not mean that the company has received a certification from that government agency confirming compliance with its strict requirements.
Data Wiping certificates highlight the ability of a Wiping method to meet the needs of the most highly regulated industries. Certified Data Wiping methods provide organizations with tamper-proof Wiping certificates, which are audit-ready and help meet regulatory compliance goals.