The current digital landscape sees an increasing number of data security breaches headed by high-profile attacks on familiar companies like Starwood-Marriott and Facebook. But data security is still a fairly obscure topic. At the time of writing this post, 64% of people still weren’t able to identify the correct definition of data sanitization.
What’s more, data recovery studies and media reports have repeatedly shown how easy yet dangerous it is to recover data—all because the devices storing the data hadn’t been sanitized before they were discarded, recycled, traded in, reused, or resold.
This can be troubling for businesses large and small as it proves how difficult combating potential breaches can be. After all, your data is still at risk of being compromised even with protections like strong passwords, firewalls, and data encryption in place.
Today, we’ll discuss one of the most effective ways to prevent any misuse of your data once you no longer need it: Data sanitization. Read on as we explore the concept in more detail below.
What Is Data Sanitization Anyway?
In an IT environment, data is stored on different forms of media, such as hard drives, CD-ROMs, tape drives, and USB flash drives.
When you don’t want any data on any storage media, you must ensure all the data is removed securely to prevent unauthorized access. This becomes imperative if the stored data is sensitive to comply with the FERPA regulations.
This is where data sanitization comes into the picture.
Data sanitization is the process of purposefully and permanently destroying data from a storage device to make it non-recoverable. It helps ensure the storage device has no residual data and that no one can recover the data, even with advanced forensic tools.
Here’s a shocker: When you delete data from storage media, the data isn’t actually erased. Simply deleting your data is NOT enough.
Not only that, it’s still possible for a malicious agent to gain access to this “deleted“ data and use it for their benefit. Any negligence puts your data’s security at risk and compromises data privacy—both of which are highly undesirable situations.
Luckily, with data sanitization, your storage media will be cleansed in a way that there’s no leftover data on the device. No one can recover sanitized data.
Why Is Data Sanitization so Important?
Ultimately, data sanitization can be an excellent technique to protect sensitive information from leaving your organization. It protects your company’s data and mitigates any risk in disposing of wanted assets—all the while ensuring data compliance and security at all times.
Let us explain this with the help of an example.
Suppose you’ve partnered with an IT Asset Disposition company. This partnership gives you the benefit of reselling your outdated tech to offset any additional costs. But it also means your used equipment will go to a new buyer, someone who isn’t a part of your organization.
You should ensure the buyer only gets your used equipment and not your data.
As discussed above, simply deleting your data and calling it a day still leaves your data at risk. You have to take the data sanitization approach and make the data irrecoverable.
How Data Sanitization Works
To understand how data sanitization works, you must know the four primary methods to achieve it: physical destruction, cryptographic erasure, data erasure, and data masking.
Let’s take a quick look at these methods.
1. Physical Destruction
Physical destruction is perhaps the most obvious way to sanitize data by physically destroying the storage media device itself. For example, with computers and other hardware, you can Hulk out and smash the laptop or destroy the hard disk. That usually takes care of it.
You can also carry out the physical destruction of storage media in two other ways:
- Using a degausser, which will expose the device to a strong magnetic field to irreversibly erase data on hard disk drives (HDD) and most kinds of tapes.
- Using industrial shredders to cut the devices into pieces.
But there is a downside to these techniques.
Firstly, they ultimately damage the storage media so re-selling or giving the device away is out of the question. Secondly, they are complex and expensive to carry out and can also harm the environment.
2. Cryptographic Erasure
This data sanitization technique uses public-key cryptography with a strong key of at least 128 bits to encrypt all the data on the storage device.
Without this key, nobody will be able to decrypt the data, which practically makes it irrecoverable. Therefore, if you discard the private key, nobody will be able to access the stored data.
Many consider encryption as one of the fastest and most effective ways to sanitize storage devices. We recommend using this technique for removable or mobile storage devices or devices that contain highly sensitive information.
This method has its fair share of challenges, though. It relies on encryption features that come with the storage equipment. So it’s possible the equipment isn’t suitable. It may also fail because of user errors, key management negligence, or the intervention of malicious actors when they manage to obtain the key before it’s disposed of.
Moreover, cryptographic erasure doesn’t meet the regulatory standards for data sanitization since the data is only encrypted—or in other words, the data remains on the device.
3. Data Erasure
Data erasure uses software to write random numerals (0 and 1) on every sector of the storage equipment so that no previous data is retained.
Several organizations find data erasure to be a very reliable form of sanitization since it validates that the whole data is replaced—even at the byte level. Besides, you don’t have to worry about your device getting destroyed and can sell or reuse it.
That said, data erasure is a very time-consuming process that requires each decommissioned device to go through a strict sanitization process. It’s also a difficult method to carry out during the lifetime of the device.
4. Data Masking
Data masking is the last data sanitization method widely used in compliance strategies, with a few standards explicitly requiring it.
With data masking, you create fake versions of the real data, where the phony version retains structural properties of the original data—for example, you can replace the real customer addresses with randomly selected addresses.
Some of the most common data masking techniques include character shuffling, word replacement, and randomization. For all three methods, the masked version of the data cannot be reverse engineered to get the original data values, which is why data masking is so effective for sanitization.
Furthermore, this technique can sanitize data on the storage device even when it is still in use.
How to Get Started With the Data Sanitization
Getting started with data sanitization, despite popular belief, is a very straightforward process. Below is a list of steps to help you understand and implement data sanitization better.
Step 1: Prioritize and Scope Your Data
Your organization must identify risks associated with the lack of control over information and the need for an information cycle approach that entails proper data sanitization processes for every step.
Try to identify information stores and applications, and dedicate resources to data sanitization as it’s implemented.
After identifying the risks, you should create a checklist that presents the different types of information to be considered. Think of this as a data audit that will include all kinds of data collected, stored, processed, archived, and, of course, disposed of.
Here’s a list of things the information may include:
- Customer employee records
- Personally identifiable information (PII) transaction or sales records
- Email and other corporate communications
- Customer support documentation
- Legal documents
- Marketing material
While you’re at it, break down every application that is storing these records. This can include databases, CRM systems, Microsoft applications like Excel or Word, endpoints/employee laptops, and so on.
Step 2: Observe and Analyze Data Exposure Risks
After determining your data sanitization program’s scope, focus on figuring out regulatory requirements and overall data exposure risks. You’ll have to detect threats and vulnerabilities of data storage, systems, and assets used for processing the data.
The main aim is to understand the data is subject to regulatory requirements and the risk exposure of the data from the different category types and applications/systems. You should also prioritize the risk exposure based on the type of data and a storage device on a scale of 1-10, with 1 being the highest risk exposure and 10 being the lowest exposure to risk.
Step 3: Carry Out a Risk Assessment
Conducting a risk assessment will allow you to identify the risk of regulatory action, including oversights and fines, imposed by regulators depending on the current state of data protection in your organization.
Once done, try to quantify potential risks to your organization from improperly disposing of your data. This can include loss of IP, impact on brand and customer satisfaction, and breach notification costs.
Step 4: Create a Target Profile
After creating your priority list of business processes, including types of data and storage devices with the greatest impact of risk, you should establish goals for managing data sanitization.
You have to create a target profile, which will be your desired end state. This will be a fully implemented data sanitization program, where you define the retention period and appropriate sanitization method for every prioritized business process and information class.
Make sure you map out the future state of where, when, and how data sanitization will take place for every process.
Step 5: Determine and Prioritize Gaps
In this step, you have to decide what technologies, processes, and people you would need to move from your current state to the target profile you created in step four.
Imagine a scenario where you want to return your data center assets to the manufacturer for a warranty. However, you forget your information is still left on them.
This is a very common data sanitization gap. To avoid this mistake, your team should deploy a full disk erasure process before returning the drives to the manufacturer.
Step 6: Implement an Action Plan
You have to improve data sanitization practices across your enterprise continuously, aiming to make it better and even more effective. But to close any gaps, you’ll first need a solid action plan.
We recommend creating measurable milestones and revisiting your data sanitization strategy every year to stay at the top of things.