Debunking Data Sanitization Myths

Data protection is critical for any organization. However, even after deleting or sanitizing sensitive data from storage drives or devices, it is still prone to be recovered. Now you’re wondering how! If you’re thinking that deleting/formatting data from storage media or degaussing the drives saves you from data leakage/theft, you’re among those who believe in such myths. Let’s address and analyze some common myths about data sanitization and correct them.

Myths about Data Sanitization

Myth 1. Mere deletion of files sanitizes the media
Myth 2. Formatting the drive wipes the data permanently
Myth 3. Degaussing works for all devices
Myth 4. Physical destruction of storage media is always the best choice

Myth 1. Mere Deletion Permanently Removes Data from Storage Media

When you delete files or other data from a storage media/device, only the references are removed but the data remains intact on the drive. Therefore, simply deleting your critical business data and disposing of the storage media exposes you to a risk of data breach/theft. You can easily recover deleted data by using a data recovery tool. It is better to use a specialized hard drive data eraser software such as BitRaser Drive Eraser that can erase data beyond the scope of recovery from a drive.

Myth 2. Formatting Wipes Data Permanently from Drive

Formatting is not a permanent data erasure solution. Its purpose is to provide the drive with a file system. After formatting, you couldn’t access the data but it may still be present on the drive/device. Anyone who gets a hold of a formatted drive can use a data recovery software to fetch the data and misuse it, thus putting your reputation and business at stake. According to a residual data study on second-hand devices by Stellar, 71% of devices contained personally identifiable information, personal data, and sensitive business data.

Myth 3. Degaussing Works for all Devices

Degaussing is a technique that works on magnetic storage devices that store data in the form of magnetic fields.

However, it can’t sanitize non-magnetic storage devices such as SSDs, which store data on semi-conductor chips, not on spinning platters. In the same way, it doesn’t work on optical media devices. Therefore, it is better to first understand the nature of storage media and apply the proper sanitizing method, accordingly.

On the other hand, degaussing is not an effective method to sanitize flash memory based storage devices and emerging magnetic storage media. According to NIST SP 800-88 Guideline, “Existing degaussers may not have sufficient force to degauss evolving magnetic storage media and should never be solely relied upon for flash memory-based storage devices or magnetic storage devices that contain non-volatile non-magnetic storage”. Therefore, it is better to use a data erasure tool, which supports NIST SP 800-88 and other international standards, for permanently wiping data from storage media.

Myth 4. Physical Destruction of Storage Media is Always the Best Choice

Physical destruction methods such as crushing, shredding, and disintegration are always considered the most effective for data sanitization.

However, it depend on the type drive and the shredder or crusher used for destruction. For instance, the standard industrial shredders are effective for HDDs as they store data on spinning platters. But SSDs store data on semi-conductor chips, which may sometimes slip through from industrial shredders. There are chances that data can be recovered from these chips.

On the other hand, shredding and other physical destruction methods are not feasible on company premises, due to logistical and financial constraints. The need to ship out storage drives to outside shredding facility for sanitization may pose a threat of data leakage from the media while it is in-transit.

Moreover, data sanitization by physical destruction of device is costlier and lead to e-waste. Also, it can only be done by experts with the help of media destruction equipment such as grinders, crushers, shredders, etc.

Consult an Expert

If you’re not sure which data sanitization method to choose, or you want an expert to take the call, you can seek the help of Stellar’s Data Sanitization Service. Stellar uses propriety tools and specialized equipment to sanitize confidential business data with utmost privacy and integrity.

Conclusion

Business data is crucial as businesses rely on it. Hence, you need to have an excellent data sanitization policy in place. It helps prevent data breach while disposing of the media, and keeps you away from piling up the unwanted storage devices due to non-disposal.

Data deletion or formatting the storage device are NOT the data sanitization methods. A data recovery software can recover deleted data and can also recover data from a formatted drive.

Therefore, you must have a proper action plan for data sanitization. It depends upon the type of storage device, its working condition, and the sensitivity of data.

Leave a Reply

Your email address will not be published. Required fields are marked *