Secure Data Destruction – SY0-601 CompTIA Security+ : 2.7

There are many ways to permanently remove data from a storage device. In this video, you’ll learn about physical destruction, purging data, and data wiping.

As a security professional, you’ll be tasked with knowing what data can be destroyed and what data must not be destroyed. There’s usually a data destruction and media sanitization policy as part of your normal security policies, and this can sometimes be a legal issue. There may be types of information, such as emails, where you are legally obligated to keep that information around and it must be stored for future reference. You might even want to consider having offsite storage so that all of that information is archived.

You also don’t want to take something that is critical information and throw it out with the regular trash. This would mean anyone going through your trash or your garbage cans would be able to find any of this media or this printed material. Physically destroying the drives may be a much better idea than simply throwing them out with the trash. And in some cases, we want to be able to reuse these storage devices for other purposes in our organization, but you want to be sure that no one would be able to recover any of the previous data, so sanitizing these storage devices the proper way will make sure that no one can go back and see anything that was stored on that device previously.

If you’re throwing out printed material or any type of media, you want to be sure that your garbage facility is secure. Usually you want to put this behind a fence and often use a lock so that third parties can’t gain access into that garbage. You might also want to shred all of these important documents so that no one would be able to read anything that’s there. Of course, you can only go so far with the shredding process. This takes time and money, and of course someone who really has a lot of time could put all of these small pieces of shredded documents back together.

That’s why many governments will simply burn any of the documents that they don’t want somebody else to read, because there’s no way to undo that burning process. And if you really wanted to be sure that all of these documents were unreadable, you would pulp this paper, which would be removing the ink from the paper and recycling the paper so that no one would be able to read what was there previously.

One way to prevent anybody from gaining access to the data stored on our storage devices might be to physically destroy our hard drives and other storage media. You might want to use a shredder or a pulverizer to do that, or simply use a drill to put a hole directly through the hard drive, which would mean no one would be able to read anything on that drive. You can also use a hammer to break these platters, which would also prevent anyone from recovering any data.

You can also use a strong magnetic field, which is a degausser, to be able to remove all of the data that is stored on the magnetic fields of this hard drive. Not only does this delete the data from the platter, it also removes any of the important configuration information on the drive, which means that this hard drive would never be able to be used again. And like our paper media, we could also burn our digital media as well. There are organizations that will incinerate your digital information, making sure that no one would be able to recover that data.

You usually don’t have a pulverizer or an incineration tool inside of a facility, so you’re often sending this equipment out to a third party and having them do the pulverizing or the incineration. In that scenario, you need some type of evidence that the destruction was actually done. A certificate of destruction is provided by the third party to confirm that they were able to destroy everything on these drives, and it gives you the documentation or paper trail that shows exactly what serial numbers and devices were destroyed by this third party.
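A certificate is only useful if someone checks it against what was actually handed over. The following is an added example, not part of the original video: it reconciles a shipping manifest with a vendor certificate by serial number. The CSV column names, serial numbers and dates are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data: drives handed to the vendor, and the vendor's certificate.
SHIPPED_CSV = """asset_tag,serial
A-1001,WD-WX11A1234567
A-1002,ZA4B9K2L
A-1003,S3Z8NB0K123456
A-1004,9VP0XYZ1
"""
CERTIFICATE_CSV = """serial,method,date
wd-wx11a1234567,shred,2024-03-02
ZA4B9K2L ,shred,2024-03-02
ZA4B9K2L,shred,2024-03-02
5QF7ABCD,shred,2024-03-02
"""


def normalise(serial):
    """Compare serials case-insensitively with all whitespace removed."""
    return "".join(serial.split()).upper()


def serials(csv_text):
    """Return the normalised 'serial' column of a CSV document."""
    return [normalise(row["serial"]) for row in csv.DictReader(io.StringIO(csv_text))]


def reconcile(shipped_csv, certificate_csv):
    """List drives with no certificate entry, entries for drives never
    shipped, and serials the certificate lists more than once."""
    shipped = set(serials(shipped_csv))
    certified = Counter(serials(certificate_csv))
    return {
        "missing": sorted(shipped - set(certified)),
        "unexpected": sorted(set(certified) - shipped),
        "duplicated": sorted(s for s, n in certified.items() if n > 1),
    }


if __name__ == "__main__":
    for finding, found in reconcile(SHIPPED_CSV, CERTIFICATE_CSV).items():
        print(f"{finding}: {found}")
```

Any serial under `missing` is a drive that left the building with no proof of destruction and should be chased with the vendor.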

If you don’t want to destroy the media, you may just want to remove some of the data from the media. If you want to remove a portion of the data, then you’re doing a purging of that information. This would remove a single file or a section of data from an existing data store. For example, if you want to delete some of the data that’s in a database, you would simply perform a purge on that data.

In some cases, we want to remove data so that it could never be restored. And in that case, we would want to wipe that particular data. This is an unrecoverable removal of that data. So not only are we deleting the file or deleting that section of the database, we’re making it so that that data could never be restored on that system. This is the process we would normally go through if we wanted to reuse that hard drive or reuse that storage media on another system but make sure that the person using it on that other system would not be able to recover the original data.

There could be significant financial reasons to make sure this data is erased. An example of this occurred in July of 2013 with the UK National Health Service Surrey. They had hard drives that were sent to a third party to be destroyed, but the third party did not destroy those drives and instead sold those drives on eBay without removing any of the data. A person who purchased this drive on eBay contacted authorities, and the National Health Service was fined 200,000 pounds.

There are a number of relatively simple ways to remove this data so that no one can gain access to it. To wipe individual files, you could use something like SDelete, which is a utility available from Windows Sysinternals. You might also want to delete everything on the drive. There are many utilities to do this. One of the more popular is DBAN, which stands for Darik’s Boot and Nuke.

And lastly, if you wanted to physically destroy the drive, that would be the ultimate way to make sure that no one would gain access to that data. And you can either destroy a device yourself or send large groups of devices off to be destroyed by a third party.