In a recent blog, we discussed the methods of data erasure; most organizations have a technique or protocol in place, but how can they be sure that it's 100% effective and that every trace of data has gone? There are also circumstances where clients ask for third-party proof of the erasure process for regulatory purposes. The answer is erasure verification.
What is erasure verification?
When an organization wishes to repurpose or dispose of second-hand media, erasure verification will give them the confidence to ensure that the erasure method they are currently using is effectively destroying 100% of the data.
Erasure verification will provide a written report that details the effectiveness of your organization’s erasure process, giving peace of mind to dispose of any media securely without risking a data breach.
Match the method to the media - and verify, verify, verify
The ‘NIST 800-88’ published by the National Institute for Standards and Technology, provides guidelines to ensure organizations are using effective data sanitization methods. A key part of NIST 800-88 is its recommendation to verify any data sanitization method that is undertaken.
“Verifying the selected information sanitization and disposal process is an essential step in maintaining confidentiality. Two types of verification should be considered. The first is verification every time sanitization is applied…The second is a representative sampling verification, applied to a selected subset of the media. If possible, the sampling should be executed by personnel who were not part of the original sanitization action.”— NIST SP 800-88, Rev.1, “Information Sanitization and Decision Making.”
The NIST gives specifications for verification methods dependent on media type along with sampling sizes. The guidelines lay out two options for verification:
- Verifying that sanitization has been applied to all media in question
- Verifying a sample of the media to show that no data is recoverable.
Without a verification process, organizations’ data could be vulnerable to data breaches. For those in heavily regulated industries especially, proving the effectiveness of the data sanitization method is essential to prove compliance with data security regulations and guidelines.
Proof of NIST 800-88 sanitization comes in the form of a detailed certificate. Available in either hard or soft form, the certificate validates that rendering of the data resulting in it being irretrievable from the media. Without a certificate proving erasure verification, the data sanitization method is not complete.
Why do we need data security?
We all know data security has been a hot topic in the news. Companies are continually under fire for data leaks one way or another. Many corporations across the world are receiving requests from their clients to present third-party verification of their data erasure process to prove that they are properly disposing of their data. It is also becoming part of a company's due diligence to verify their data erasure methods to be sure their data is safe.
Erasure Verification Services are necessary to guarantee the erasure of data on media intended for reuse or disposal. Organizations that do not verify the destruction of data on their media leave themselves open to accidental exposure or theft of sensitive data.
Erasure verification services not only determine the validity of your erasure process, but it can also provide your organization with documented proof of your sanitation.
How does the erasure validation process work?
- Preparation of the device – We will ask the customer to write a specific data pattern on the device they wish to run the erasure validation process on.
- Sanitization procedure – The customer will run their own data sanitization process. Ontrack can run the process for the customer is they require.
- Analysis – An in-depth analysis of the media will take place where we will search for any remnants of data.
- Erasure validation report –We create a final report that we deliver to the customer detailing the process and the results.
Why choose erasure verification?
Choosing an erasure verification service will eliminate the possibility of theft or accidental exposure of your organization’s sensitive data. It will also ensure you maintain control of your internal data and allow you to manage compliance requirements, quickly and efficiently. Additionally, erasure verification provides:
- A full chain of custody
- Strict security protocols
- Erasure certificates for compliance
- Ensure the disposal of end-of-life media to government standards
Overall, erasure verification is a service that organizations should consider to ensure that their data destruction methods are 100% effective. In today’s digital landscape, organizations can’t be too careful when it comes to protecting sensitive data – whether it’s their customers or the company’s own