Data Deletion and Wiping may look similar, but should not be confused. Deleting Data leaves Data recoverable, while wiping Data is permanent. This is especially important for companies, since confusing these terms can lead to significant problems.
There is a lot of confusion surrounding the definition of Data wiping. The main problem comes from thinking that formatting and the "Delete" button are safe Wiping methods. They are not!
Despite this, the vast majority of organizations believe that these are the appropriate methods, which can expose their sensitive Data to a potential Data breach.
More Data than ever
Organizations create, store and send more Data than ever. In 2018, the global Data volume was 33 zettabytes (ZB). IDC predicts that this number will reach 175 zettabytes of Data worldwide by 2025. While corporate Data is of great value, it also carries great risks. The more Data your organization manages, the greater the risk of exposing it.
What are the types of Data that exist?
· Customer Data - This includes personally identifiable information (PII). Customer Data allows you to identify a specific person by name, address, account numbers, financial details, and Social Security number. It also covers protected health information (PHI), such as medical records or associated payment Data.
· Employee Data - The same type of Data as customer Data, but also includes salary and performance reviews.
· Corporate Data - This may include intellectual property, research and development Data, marketing information, merger and acquisition information, financial results, internal communications, and operational information.
Data for sale
The dangers of confusing deletion with wiping became apparent during one of our recent studies. In conjunction with Blancco Technologies, we purchased 159 second-hand drives (a mix of HDD and SSD) from eBay and Amazon to analyze the residual Data.
We found sensitive residual Data in 42% of the devices and 15% contained PII. This means that out of every 20 units tested, at least 3 contained PII.
Some of the examples of PII found:
· A unit of a software developer with a high level of government security clearance.
· Scanned images of family passports and birth certificates, CVs and financial records.
· College student documentation and associated email addresses.
· 5GB of archived internal emails from a major travel company.
· 3GB of Data from a freight / transport company, along with documents regarding shipment details, schedules and truck records.
· Commercial information for a music store, with 32,000 photos.
· School documentation, including photos and documents of the names and grades of the students.
One of the significant conclusions of the study is that each of the vendors of the units indicated that the appropriate Data sanitization methods had been applied, ensuring that they did not contain any Data. The results indicate that this did not happen, and this is significant: while individuals recognize the importance of erasing Data, the methods used are inadequate.
Formatting and deletion
Formatting
A common misunderstanding is thinking that formatting a drive is a safe way to erase Data. It is certainly more reliable than simply deleting the files, but a format only makes the operating system mark the area as deleted, so that it can be overwritten later. You won't be able to see any Data on the screen, but it will be there, available to be retrieved.
Recycle Bin
Another disposal method that is often mistaken for a way to erase Data is using a computer's recycle bin. A file sent to the recycle bin is not deleted, even after the bin is emptied; it continues to exist on the drive. The files are hidden, but most Data recovery programs can quickly recover them.
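The difference between formatting and wiping described above can be checked on a raw disk image. The following Python sketch is an added example, not part of the original article or study: the image layout, the function names and the zero-fill wipe are assumptions, and the "customer record" and "passport scan" bytes are constructed sample data.

```python
import os
import tempfile

BLOCK = 4096
# Well-known magic bytes that mark the start of common file types.
SIGNATURES = {b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg", b"PK\x03\x04": "zip"}
# Constructed layout: block 0 is a toy "file table", blocks 10 and 20 hold files.
LAYOUT = ((0, b"TABLE report.pdf@10 photo.jpg@20"),
          (10, b"%PDF-1.7 constructed customer record"),
          (20, b"\xff\xd8\xff\xe0 constructed passport scan"))

def scan_image(path, block=BLOCK):
    """Return (total_blocks, nonzero_blocks, {file_type: count}) for a raw image."""
    total = nonzero = 0
    hits = {}
    with open(path, "rb") as f:
        while chunk := f.read(block):
            total += 1
            if any(chunk):  # at least one non-zero byte survives in this block
                nonzero += 1
                for magic, name in SIGNATURES.items():
                    if chunk.startswith(magic):
                        hits[name] = hits.get(name, 0) + 1
    return total, nonzero, hits

def build_demo_image(path, blocks=64):
    """Create a zero-filled image and place the constructed table and files."""
    with open(path, "wb") as f:
        f.write(bytes(blocks * BLOCK))
        for offset, data in LAYOUT:
            f.seek(offset * BLOCK)
            f.write(data)

def quick_format(path):
    """Simplified model of formatting: only the file table block is rewritten."""
    with open(path, "r+b") as f:
        f.write(bytes(BLOCK))

def wipe(path):
    """Overwrite every byte of the image with zeros and flush to storage."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(bytes(size))
        f.flush()
        os.fsync(f.fileno())

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        build_demo_image(img)
        quick_format(img)
        after_format = scan_image(img)
        wipe(img)
        return after_format, scan_image(img)
```

After the simulated format the file table is gone but both file bodies are still found by their signatures; only the full overwrite leaves no non-zero block. An all-zero result is the pass condition for this zero-fill model only, so a tool that writes random patterns needs a different verification rule.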
Data Wiping software
Data Wiping software permanently removes Data from IT assets such as computers, hard drives, servers, Data center equipment, and smartphones. Using effective Data Wiping software will allow your organization to reuse, resell or recycle all its storage devices safely.
Demagnetizers
A degausser is a total Data destruction solution for magnetic media. By generating a peak field of 18,000 gauss, the degausser erases 100% of the Data from a device in a matter of seconds. This powerful electromagnetic field exceeds the different oersted levels of the different magnetic media and the gauss levels recommended by each manufacturer, which guarantees a complete destruction of the device Data.
Shredders are an effective and safe method of destroying HDDs, SSDs, smartphones and mini-tablets. Each shredder reduces the devices to tiny fragments, rendering them completely unusable. Being certified to the highest level, shredders are an efficient option for the rapid and reliable destruction of certain storage media.
Ensuring that an organization has the correct Data Wiping standards is one thing, but for those in highly regulated industries, certified Data destruction is essential. Data Wiping certifications and Data Wiping standards are not the same. Data Wiping standards refer to the way a device is sanitized and are defined by government agencies. Any organization can follow these guidelines, but this does not mean that the company has received certification from that government agency that it complies with its strict requirements.
Data Wiping certificates highlight the ability of a Wiping method to meet the needs of the most highly regulated industries. Certified Data Wiping methods provide organizations with tamper-proof Wiping certificates, which are audit-ready and help meet regulatory compliance goals.