The National Institute of Standards and Technology (NIST), which provides technical leadership for the United States' measurement and standards infrastructure, defines media sanitization as:
"The general process of removing data from storage media, such that there is reasonable assurance that data may not be easily retrieved and reconstructed."
When storage media are transferred or disposed of, it is imperative that deleted data (whether residual magnetic, optical, electrical or any other form) cannot be recovered from them. Sanitization of storage media is the process of removing data with assurance that it cannot be retrieved or reconstructed. It maintains data privacy standards and lets privacy controls be exercised smoothly. Organizations need defined means and mechanisms to prevent leakage of sensitive information across the IT-asset lifecycle.
Need for Media Sanitization
As per NIST, media sanitization is the key element in maintaining data confidentiality. Organizations need to exercise proper control over confidential information to avoid the data leakage that results from improper disposal of storage media, or from reconstruction of data on ineffectively sanitized or refurbished media. The aim is to ensure that Personally Identifiable Information (PII) is protected (see section 2.3 of the NIST guide). Organizations are required to follow the data protection laws, regulations and mandates governing the management of PII; violations of these laws can result in civil or criminal proceedings. Organizations may also have obligations to protect PII under their own policies, standards or management directives.
Scope of Media Sanitization
The NIST guidelines for media sanitization and data protection state that the sanitization operation is to be performed on all data stored on the media, since the person sanitizing the media may find it difficult to tell which data in particular is sensitive. Partial sanitization is risky and is not approved under the NIST guidelines.
Several techniques are employed to sanitize media. For flash drives (SSDs, memory cards and USB drives), for example, it is recommended to overwrite the data using agency-approved and certified data erasure techniques, methods and tools. Alternatively, the flash drives can be incinerated, shredded, pulverized or disintegrated, though these are not favorable means of data destruction because of their environmental impact, the need for secure media destruction, and similar concerns. In fact, SSDs cannot be purged by degaussing, as they do not store data magnetically.
Once the decision for media sanitization is made with respect to the means of sanitization and the type of media, the question arises as to who should be the decision maker: who determines what data is to be sanitized, and when and how?
Roles and Responsibilities
NIST's data security guidance helps categorize and assign media sanitization roles and responsibilities along the following lines:
- The team of professionals – Chief Information Officer, Information System Owner, Information Owner, System Security Manager, Privacy Officer, & Users
- Defining information decision guidelines as in PSUs, Government organizations and IT Asset Disposition companies (ITADs)
- Determining and categorizing security as per compliances - SOX, HIPAA, PCI-DSS, and EU-GDPR etc.
In the decision process for media sanitization, the confidentiality of the information plays the key role and the type of media a secondary one. Decision makers choose the kind of sanitization on the basis of the requirements of each individual case. The decision covers the safe disposal of leased or end-of-lifecycle IT assets, so as to prevent data breaches and meet legal compliance requirements. Physical destruction methods are ruled out as they are not environment-friendly; instead, decision makers prefer media sanitization through ITADs, which provide safe, certified and cost-effective data erasure using international erasure standards.
Control & Reuse of Media
The NIST guidelines for media sanitization define that an IT asset should be disposed of via a process flow with appropriate roles and responsibilities, and that the organization must maintain different levels of security based on the confidentiality level of the data. Along with the risk-based decision to sanitize media, the organization should also consider the following:
- The consequences of information being retrieved from sanitized media;
- The cost involved in sanitization and its efficacy; and
- The duration for which the data remains sensitive, as a risk factor.
NIST illustrates the media sanitization decision through the following graphic:
Figure 1: Illustrates "Sanitization and Disposition Decision Flow" as per NIST SP 800-88 Guidelines for Media Sanitization
Media Sanitization Techniques
Commonly used media sanitization techniques are data erasure, degaussing, shredding, factory resets, data deletion, reformatting and physical destruction.
- Techniques like shredding, factory resets, data deletion and reformatting are incomplete methods of media sanitization.
- Degaussing eliminates the magnetic field of the storage device, thus rendering the data on the device unrecoverable.
- Data erasure overwrites the existing data on the digital media with zeros and ones, destroying it.
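As an added example (not code from the original page or from any erasure product), the following Python script performs the overwrite-with-zeros-and-ones erasure described above on a file-backed medium and then reads every byte back, which is the verification step that turns an overwrite into the "reasonable assurance" NIST's definition asks for. The file path and the sample PII content are constructed for the demo.

```python
import os
import tempfile
# The page describes erasure as overwriting with zeros and ones: one pass of each.
PASSES = (b"\x00", b"\xff")
CHUNK = 64 * 1024  # bounds memory use on large files

def overwrite_pass(path, byte):
    """Overwrite every byte of the file at `path` with `byte` and force it to disk."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(byte * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # an unflushed write is not an overwrite
    return size

def verify_pass(path, byte):
    """Read the file back and confirm every byte now equals `byte`."""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block != byte * len(block):
                return False

def sanitize_file(path, passes=PASSES):
    """Run and verify each pass; return a list of (pattern, verified) pairs."""
    results = []
    for byte in passes:
        overwrite_pass(path, byte)
        results.append((byte, verify_pass(path, byte)))
    return results

def demo():
    """Constructed sample: a temp file holding fake PII, erased and then checked."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"PII: name=Jane Doe, id=000-00-0000\n" * 4000)  # constructed data
    try:
        results = sanitize_file(path)
        with open(path, "rb") as f:
            still_present = b"Jane Doe" in f.read()
        return results, still_present
    finally:
        os.unlink(path)
```

File-level overwriting only reaches the blocks the filesystem currently maps to that file; snapshots, journal copies and remapped flash cells are untouched, which is why whole-device tools and the Secure Erase methods listed for drives are used for media sanitization rather than a per-file script.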
NIST lists, for each type of media, the preferred methods for overwriting (Clear), purging and destroying it:
| Media type | Clear | Purge | Destroy |
|---|---|---|---|
| Floppy disks, disk drives | Overwrite using agency-approved software | Degauss in an NSA/CSS-approved degausser | Incinerate; shred |
| ATA hard drives, SCSI drives | Overwrite using agency-approved software | Secure Erase, degauss, or disassemble and degauss the enclosed platters | Incinerate; shred; pulverize; disintegrate |
| Flash media (USBs, memory cards, SSDs) | Overwrite using agency-approved software | Secure data erasure | Incinerate; shred; pulverize; disintegrate |
The NIST guidelines define the processes that guide organizations in keeping adequate control over the information they possess and safeguarding it through proper disposal of used and retired media. Though various techniques are employed to sanitize media, two factors should be considered foremost: data confidentiality and environmental impact. Sanitization techniques based on asset destruction are costly, generate massive e-waste and are not suitable for all types of storage media. Data erasure software, on the other hand, guarantees media sanitization across all IT assets, including HDDs, SSDs, servers and more, and retains the hardware for refurbished use. Software such as BitRaser is NIST 800-88 compliant and generates a certificate of secure and responsible data erasure. It provides an environment-friendly means of media sanitization, with tamper-proof audit trails for data privacy.