There is no doubt that many misconceptions exist in the minds of computer users about what really deletes data. IT professionals and individuals tasked with disposing of unwanted equipment, from IT devices through to laptops and smartphones, need to understand some of the basics.
Who Sets The Standards For Data Sanitisation?
The answer for us in the UK is the UK Government’s security services in the shape of GCHQ in Cheltenham, or at least one division of that organisation called the Communications-Electronics Security Group: CESG. The relevant standard is Infosec Standard 5, which is a data destruction standard and is used by the Government itself.
What Are The Main Highlights Of Infosec Standard 5?
It sets out in some detail what is required for satisfactory data destruction. That means not just the physical deletion of data but also the framework of processes, procedures, certification, documentation, verification and record keeping that must be maintained. Without that robust supporting framework of evidence, nobody would be inclined to have confidence that data was actually destroyed. In short, the standard demands an exceptionally high level of professionalism in those organisations and asset disposal companies that claim to adhere to the standard.
What Tools Are Recommended For Secure Data Disposal?
Infosec Standard 5 requires any software tools utilised to have first been certified by CESG, which makes perfect sense. For example, as an accredited data disposal service, we use high-end Blancco software, which has been certified by CESG since 2015. You can read the CESG approach to tool standards in their downloadable PDF, "Overwriting Tools For Magnetic Media". Another interesting document, from the Government Legal Department (GLD), sets out its recommendations for the legal profession on the whole area of encryption and destruction: "Encryption and Erasure Products".
My HDD Is Encrypted – Does That Make It Safe?
The short answer is no. Any encryption method can be cracked, in theory at least. For example, processing power nowadays is on a scale that was inconceivable just a few short years ago. It means that brute force methods can successfully decrypt earlier encryption methodologies. The result is the public appearance of data from an earlier era that was thought to be inviolate back then. Despite the claims nowadays that it would take xx million years to crack a specific encryption methodology, the old saying holds true: where there’s a will, there’s a way. Technology advances rapidly and it pays not to underestimate the ingenuity of the criminal mind. Encryption can be compared with a sturdy lock on a door. It will withstand strenuous attempts to gain entry but is no match for explosives.
Is Overwriting A HDD Or SSD Enough?
Forensic experts may have the capability to sense so-called “ghost data” even if a drive has been overwritten with a series of random binary zeros and ones. For that reason, it is recommended that the overwriting be carried out multiple times, as many as seven times according to some sources. However, common sense dictates that the effort expended be in proportion to the sensitivity of the data that is being destroyed. Undoubtedly, proper physical destruction of the drive is the ultimate protection.
How Should A HDD Be Physically Destroyed?
For HDDs, you can literally take a hammer to the drive or use a power drill to drill several holes through the platter. Commercial organisations may be advised to engage the services of professional IT asset disposal services to deliver copper-fastened, 100% guaranteed, tracked and documented data destruction that will stand up to any scrutiny and challenge.
Find Out More
The surge in the volume of mobile devices in the workplace is matched by a high turnover rate, which means this medium requires careful attention and data sanitisation. Find out more by downloading our free Guide To Mobile Data Sanitisation, which addresses the issues involved.