Three Data Removal Myths That Provide a False Sense of Security
As hardware and regulations change, it’s time for enterprises to carefully build, or re-evaluate, their data destruction policies and processes.
- By Russ Ernst
- June 19, 2023
Most, if not all, large enterprises have policies that dictate data retention and storage practices. Such policies can also specify secure data sanitization methods and processes for disposal of data. Unfortunately, many alarming data disposal myths still circulate, even within IT teams and among data managers. Furthermore, over the years we have seen protocols that IT teams deem sufficient for data erasure lull them into a false sense of security, leaving companies wide open to disaster should a breach occur.
IT decision makers must recognize, and counter, the most common misconceptions and points of confusion if they are to develop policies that give IT teams confidence that data is securely protected against unauthorized access and that processes comply with data privacy and protection regulations.
As enterprises increasingly scrutinize their data security practices, we offer three foundational misconceptions that enterprise IT teams must bear in mind to prevent future problems.
Myth #1: Traditional data deletion techniques are adequate for data sanitization
There are many ways to attempt to remove a file, such as data deletion, wiping, factory reset, reformatting, and file shredding, but without proper context each of these on its own can be incomplete. For example, deleting a file and emptying the recycle bin removes the pointers to the file’s data but not the data itself; the data is easily recoverable until it is overwritten.
A factory reset removes all used data as it restores a device to factory settings, but not all methodologies used in resets lead to complete erasure, and there’s no way to validate that all data is gone.
Data wiping is the process of overwriting data without verification. File shredding destroys data on individual files by overwriting the space with a random pattern of 1s and 0s. Because neither method provides verification that the process was completed successfully across all sectors of the device, they are considered incomplete.
Finally, reformatting, which is performed on a working disk drive to eradicate its contents, is another method where most of the data can be recovered with forensics tools available online. The misconception that reformatting makes data irretrievable was demonstrated in a past initiative with data recovery firm Ontrack, which showed that 15% of IT storage devices purchased on eBay had retained personally identifying information (PII) on them.
Myth #2: Stockpiling devices for future sanitization does not compromise data security compliance
Not only can fees for storing hardware get costly (with some organizations spending as much as $100,000 annually for onsite data center storage), but this practice can also create an additional layer of risk internally due to confusion about device chain of custody.
If an organization does not have complete visibility into who has handled each asset, there is no way to prove that the data was not compromised while in storage or moving from one location to another. This can also be an issue if external contractors or offsite locations are involved. Audit trails for the entire chain of custody are critical; performing data sanitization immediately upon decommissioning provides assurance that drive and device data are protected at all points of the disposal process.
Ultimately, stockpiling used, non-sanitized IT equipment without proper IT asset management must stop before it becomes a companywide data security and compliance issue.
Myth #3: Physical destruction of IT assets is 100% secure
Physically destroying IT assets through methods such as degaussing and shredding can be a valid data disposal option, but correct processes for each storage media type must be followed precisely to ensure data can’t be recovered.
Degaussing, for example, was designed for magnetic media and is ineffective on modern SSD storage. Even when physical destruction is appropriate for the media, the surrounding process can still put your data at risk. For instance, you can introduce a risk of loss or theft from insider threats, or by giving a data destruction service access to devices that still have data on them. Whether destruction is conducted at your location or the devices are transported to an IT asset disposal (ITAD) facility, there’s risk in relying on this method alone because there are many points of vulnerability.
Physical destruction can also be harmful to the environment by leaving shredded assets behind and creating unnecessary e-waste. ESG policies are becoming more prevalent, and companies are anticipating more regulations that dictate stringent limitations on practices that have a detrimental environmental impact. This includes the U.S. Securities and Exchange Commission regulation on measurement and reporting of direct and indirect carbon emissions from purchased electricity or other forms of energy starting in 2024.
These misconceptions about common data destruction methods are not new by any means, but they continue to be perpetuated, nonetheless. Continuing education is needed to show IT decision makers the evolving capabilities that can ensure the successful completion of data sanitization processes. Secure data sanitization best practices require a three-step process that includes: erasing the data, validating that the data has been erased, and getting a report on the erasure.
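To make the three-step process concrete, here is an added example (not code from the article or from Blancco) that runs erase, verify and report over a constructed disk image: it overwrites every sector, reads each one back to confirm the pattern, and emits a report with a digest. The image, the embedded "PII" string and the sector size are constructed for illustration; a file-level overwrite demonstrates the verification logic only and does not reach an SSD's remapped or over-provisioned blocks, which need a firmware-level erase.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

SECTOR = 512  # logical block size assumed for the constructed image


def make_sample_image(sectors: int = 16) -> str:
    """Constructed stand-in for a retired drive: random data plus a fake PII string."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    data = bytearray(os.urandom(sectors * SECTOR))
    marker = b"CONSTRUCTED-PII: ssn=000-00-0000"
    data[5 * SECTOR:5 * SECTOR + len(marker)] = marker
    with open(path, "wb") as f:
        f.write(data)
    return path


def contains(path: str, needle: bytes) -> bool:
    """The 'forensic' check: is the sensitive string still readable from raw sectors?"""
    with open(path, "rb") as f:
        return needle in f.read()


def sanitize(path: str, pattern: bytes = b"\x00", standard: str = "illustrative single pass") -> dict:
    """Step 1: overwrite every sector. Step 2: read every sector back. Step 3: report."""
    size = os.path.getsize(path)
    nsectors = (size + SECTOR - 1) // SECTOR
    fill = (pattern * SECTOR)[:SECTOR]
    with open(path, "r+b") as f:
        for i in range(nsectors):
            f.write(fill[:min(SECTOR, size - i * SECTOR)])
        f.flush()
        os.fsync(f.fileno())  # push through OS caches before trusting the read-back
    failed = []  # sectors whose read-back does not match the pattern
    with open(path, "rb") as f:
        for i in range(nsectors):
            n = min(SECTOR, size - i * SECTOR)
            if f.read(n) != fill[:n]:
                failed.append(i)
    report = {"target": os.path.basename(path), "bytes": size, "standard": standard,
              "sectors_checked": nsectors, "sectors_failed": failed,
              "verified": not failed, "completed_utc": datetime.now(timezone.utc).isoformat()}
    # Digest over the canonical report; keep it out of band so later edits are detectable.
    report["sha256"] = hashlib.sha256(json.dumps(report, sort_keys=True).encode()).hexdigest()
    return report
```

A wipe that skips step 2 would return the same "done" status even if a sector failed to take the pattern; here that case surfaces in `sectors_failed` and flips `verified` to false.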
Obtaining documentation that shows an audit trail and verifies that the complete data sanitization process has occurred is key to proving to auditors that correct data disposal processes have been followed. The component parts of that audit trail include tamper-proof reports, or certificates, of erasure that document what was erased, when, and to which industry standard. Furthermore, the data-destruction software partner should be able to point to global certifications as a way of confirming their software’s ability to meet the data security and compliance needs of the most highly regulated industries and organizations, as well as to third-party validations that confirm the data erasure software lives up to vendor promises.
Russ Ernst joined Blancco in 2016 as executive vice president of products and technology, and in September 2022 was named chief technology officer. He is responsible for defining, driving, and executing the product strategy across both the data erasure and mobile diagnostics product suites. Critical parts of his role include developing a strong team of product owners and cultivating an organizational product culture based on continuous testing and learning. You can connect with the author on LinkedIn.