Summary: Chances are you probably have leftover data that your current wiping methods are incapable of erasing or can easily be recovered with a free DIY tool. These data remnants create a situation also known as data remanence. It means you may have some data on your computer that you haven’t used over time. Also, you may be deleting them or formatting the drive but not irreversibly sanitizing them using a secure data wiping technology. This article will explain data remanence, its dangers, and how to destroy all data traces.
What is Data Remanence?
Data Remanence is referred to as the situation when remnants of data can be recovered, even after safely erasing/wiping them. It can be perilous when released in an uncontrolled environment (such as lost or thrown in dumpsters). This data remanence may result from data being left intact by file deletion or by reformatting storage media. Inevitably data remanence places sensitive information in danger of unethical hacking and data leakages when businesses dispose of, transfer, resell, or discard storage media.
Causes of Data Remanence: The Problem
Many operating systems, file managers, and other pieces of software offer the option of delaying the deletion of a file after the user requests it. Instead, a trash or recycle bin is used to relocate the file, making it simple for the user to undo a mistake. Similar to how many software comes with an auto-save feature, making backup copies of files that the user is editing. It is done so that the user can recover from a potential crash or restore the original version.
Operating systems do not truly destroy a file’s contents when deleted. The file’s contents—the actual data—remain on the storage medium, but they remove the file’s entry from the file system directory because this needs less effort and is, therefore, faster. The data will stay there until the operating system uses the space again for new data. Some systems additionally leave behind enough file system metadata to make it simple for freely available DIY data recovery software to recover the data. Until the data gets replaced, it can remain accessible by software that reads disc sectors directly, even after undelete has become impossible. The use of such tools is common in computer forensics. Similarly, it is unlikely that reformatting, repartitioning, or reimaging a system will write to every area of the disc. Still, they will all make the disc appear empty to most software—or, in the case of reimaging, empty except for the files present in the image.
Risks Associated With Data Remanence:
Recovery of lost data can result in dangerous circumstances, especially for businesses. Residual data can be disclosed and make unauthorized access to sensitive information possible. There are many risks associated with data remanence like:
Data Breaches:
Businesses store confidential data on their storage devices, including marketing strategies, intellectual properties, blueprints, and their customer’s private information such as social security numbers, payment card information, etc. This residual data, if recovered, can lead to a catastrophic data breach.
Violation of Regulations:
Data protection regulations mandate that businesses keep sensitive data securely stored. If any data gets leaked due to data remanence, the basic tenants of various protection and privacy regulations get violated. Moreover, penal provision of these data protection regulations can severely dent brand reputation resulting in monetary and legal complications.
Loss of Customer Trust:
Data breaches negatively affect a brand’s value and customer trust. According to studies, a data breach can result in 65% of customers losing faith in the brand and 85% of customers ceasing to interact with the company.
Financial Loss:
The recent SEC fine of US $35 Million on Morgan Stanley is just one example of the immense loss businesses can suffer due to data breaches. It is the continuing fine on Morgan Stanley for the same data breach incident in which they had earlier paid the OCC (Organization of Comptroller and Currency) a fine of US $60m, along with another preliminary settlement amount of $60m for a data breach lawsuit. In addition, the implications of data breaches can compound due to the various regulations that govern businesses. For example, the CCPA (data privacy law) of California can fine a company for a data breach, and the same data breach can lead to fines from federal laws like GLBA.
Countermeasures to Data Remanence: The Solution
National Institute of Standards and Technology (NIST), in its NIST 800-88 SP, specifies three ways for media sanitization that removes data from all areas of the storage medium (media) beyond the scope of recovery; i.e., by destroying all data remnants. NIST prescribes Clear, Purge, & Destroy as the three secure data destruction methods. We have already discussed these techniques in-depth in our series of articles like NIST 800-88- Clear & Purge techniques for HDD erasure.
NIST Clear utilizes logical data destruction techniques to remove data from storage devices, whereas NIST Purge utilizes both physical and logical techniques of data sanitization. The technique of destruction or NIST Destroy is used to physically destroy the storage media using brute force, rendering the media or device useless. Destroy is used as a last resort to destroy data when the device is inaccessible to either employ NIST Clear or Purge. These three techniques are implemented based on the sensitivity of data.
To prevent data remanence and its associated risks, secure data destruction methods like overwriting, degaussing, crypto-erase, & shredding need to be employed. We have discussed the pros and cons of each one of these destruction methods in our Knowledge Series Chapter 3- Data Destruction Methods and Techniques.
Several factors impede the effectiveness of these countermeasures like media that cannot be effectively erased, storage systems that maintain data histories, and data persistence in volatile memory. Therefore, businesses must have a policy for data destruction that addresses these factors. Nevertheless, implementing a combination of countermeasures can be beneficial in challenging situations.
To have an in-depth understanding of how to document a detailed data destruction policy citing the best practices basis the media type and the destruction methods, you can refer to our Knowledge Series Chapter 4- Data Destruction Policy.