Businesses produce vast quantities of data, including personal data of clients and sensitive information, such as business plans and design prototypes. Data in the wrong hands can be devastating. Your rival would like nothing better than to know your projected sales figures for the next financial year.
At the end of the life cycle, storage media has to be properly disposed of by using NIST-approved data wiping software. Otherwise, the compromised data could negatively impact your business.
What is NIST?
NIST is an agency of the US government. Formerly, it was known as the Bureau of Standards. It is a physical science laboratory that issues guidelines about measurements and protocols that should be applied to businesses.
What is NIST 800-88?
Data sanitization is the process of making data irretrievable from storage media. It began to attract scrutiny in the 90s. The coming of the internet had made hacking possible and enterprises began to study data lifecycle and ways to dispose of old data.
At that time storage media was hard drives (floppy disks contained 1.4 MB of data). They were easy to destroy. But with connected devices—smartphones, PDA, laptops the system needed formal protocols.
To cope with the situation, the NIST 800-88 was first published in 2006. It has since then become the standard manual for data sanitization and has 2 revisions to make it up to date.
The 57-page manual has an enormous amount of details. We shall share a brief summary of what NIST recommends.
Types of data cleaning
Data cleaning can be of three levels: Clear, Purge and Destroy.
- Clear is simply emptying out data. Delete is not enough since it leaves the entire file intact. A full format is a form of the clearing.
- Purge is more systematic. Purge uses overwrite, block erasure, and cryptographic erasure. To satisfy NIST standards, one pass of overwriting with binary 0s is enough.
- Destroy is the most extreme and consists of shredding and pulverizing the storage media.
Encrypted drives have to be purged using the TCG Opal SSC or Enterprise SSC interface.
Verification of sanitization
It is not enough to wipe a hard drive. There has to be a proper verification of the process. Since modern drives are large (500 GB to 2 TB is average) verification can take an immense amount of time.
The process becomes cumbersome if the 0 writing takes a few hours, followed by a whole day for verification of every bit.
NIST 800-88 resorts to sampling.
The entire drive is broken into subsections of equal size, e.g. 200 MB each. From every subsection, two randomly chosen locations would be fully verified. Each random location would be at least 5% of the subsection. The first and last subsections of the drive would also be included.
Thus at least 10% of the drive would be randomly tested.
Documentation of erasure
It is not enough to sanitize and verify. The software must produce a paper trail for a data audit.
The details of the report have to contain:
- Serial Number
- Type of drive
- Erasure, Clear and Purge details
- Verification standard
- Operator name
- Date and time
Besides other technical details.
Stellar BitRaser – NIST Approved Data Wiping Software
BitRaser is a state-of-the-art data sanitization software developed by Stellar Data Recovery, a well-recognized name in the domain. Stellar is almost 30 years old and has several companies from Fortune 500 among its clientele.
BitRaser is a NIST-approved software meant to protect privacy. Laptops, external hard drives, phones, and memory cards need to be sanitized before they are handed over to ITADs and refurbishers.
BitRaser is wholly developed and designed in India and offers an affordable solution to businesses, governments, ITADs and resellers, and individuals.
Features of BitRaser
- BitRaser, a NIST-approved wiping software, can wipe data according to 24 global standards e.g. NIST 800-88,
- US DOD 5220, German VSITR, British HMG IS5.
- The user can set five customized algorithms.
- Erases data from all storage devices—HDD, SSD, memory card, USB storage, and servers.
- Works with all interfaces—PATA, SATA, IDE, USB, FireWire, NVME, and more.
- Erases hidden sectors like HPA and DCO.
- Works from USB and on 32 and 64-bit machines.
- Provides complete cloud integration for creating, storing, and sending reports.
- Creates tamper-proof certificates in PDF and CSV and XML.
- The report can be customized with new fields as necessary.
- BitRaser is Certified Across the Globe
BitRaser, a NIST-approved software, has been tested by major stakeholders.
NIST tested BitRaser in 2020. True to its name, the software worked in a stellar fashion. The test used CFTT equipment to find if it worked well on HDD and SSD.
The data was completely erased, and the drives were emptied of all information. Since NIST 800-88 is the gold data erasure standard, the certification is precious.
The Health Insurance Portability and Accountability Act (HIPAA) is responsible for patient confidentiality in the US.
It works tirelessly across the health sector to ensure that data transmitted to and from medical professionals, testing labs, hospitals, and insurance are not compromised. Every hospital and medical institution, as well as an insurance company, needs to use HIPAA-certified software for managing data.
Stellar has been given the coveted HIPAA Seal of Compliance after rigorous testing of its mechanisms. Using BitRaser, a public health institution can become HIPAA compliant.
Ontrack Erasure Verification
Kroll Ontrack offers verification for data erasure services. They provide certification that software is capable of efficient data erasure. Ontrack writes, erases, and verifies the media thoroughly for any remnant.
They used a 1 TB Western Digital HDD for their test and BitRaser performed perfectly, erasing data from every sector.
Other certifications include:
If you are planning to sell old computer hardware, you must be sure they do not contain classified data. Using NIST-approved wiping software provides you peace of mind. A government is not the only entity that has secrets. Businesses have to maintain confidentiality or their rivals would overtake them.
Why take a risk? Before you let old hardware out of premises, wipe them with BitRaser, a NIST-approved software, and be sure.