Data Sanitization

Also known as Data Destruction. A process that renders access to target data on the media infeasible for a given level of effort

Databyte Solution Data Sanitization / Destruction Services for organizations

US Government NIST 800-88 Rev 1 Compliant Data Sanitization Services

Onsite and Offsite Degaussing, Crushing, Shredding, Secure Erasure

ISO 9001 and 14001 Certified Processes with NSA / CSS evaluated equipment

Auditable processes and Evidence of destruction of storage medium

Best Value Guaranteed** for both onsite and offsite service

If you are a highly regulated industry (prime examples being the financial, insurance, technology, pharmaceuticals, communication, energy, healthcare, public sector and education industries), Proper Data Sanitization is essential and not an option or afterthought.

Read our Data Sanitization Guide or Contact us to find out more!







What is Data Sanitization (Data Destruction)?

Sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort (page iv, NIST SP 800-88 rev 1)

For the generally accepted NIST 800-88 Rev 1 guidelines, it classifies data sanitization into three levels of Clear, Purge and Destroy. All three are generally acceptable methods for data sanitization, and the choice of methods mostly depends on how the user classifies their data importance.

You can read more about the different standards for data sanitization here (NIST 800-88 Rev 1, NSA / CSS 9-12, NSA EPL)

Why Data Sanitization (in short)

For you and your organization's protection!

It is no longer a matter of if, but rather how and when an organization's information and data are breached. End of life data and information breaches are one of the key vectors for a security breach into an organization.

By preventing information breaches when disposing of used IT equipment, organizations can close off one more vector of attack and avoid potential financial losses, lawsuits, or regulatory fines and punishments. According to IBM's Cost of a Data Breach Report, the average per (line) record cost of a data breach in 2021 was USD$161.

Two independent studies conducted by Kessler International and Blancco Technology Group also found that 40% and 67% of the disk drives purchased from ecommerce sites still contained sensitive information from their previous use. These included personally identifiable information, financial information, company emails, spreadsheets and photographs.

Common Methods of Data Sanitization

Degaussing

The degaussing process changes the magnetic domain where data is stored (for magnetic media), and this shift in domain makes data unreadable and unable to be recovered.

HDD destruction

HDDs are bent into half, damaging the read/write head, actuator, controller board and most importantly the platters used to store information.

SSD onsite destruction

SSDs are penetrated by multiple spikes, causing irreversible physical damage to the controller and memory chips used to store information.

Shredding

Shredding destroys any storage medium irreversibly. Each single piece of storage medium is disintegrated into hundreds of separate pieces.


Why Data Sanitization (in full)

The modern storage environment is rapidly evolving. Data may pass through multiple organizations, systems, and storage media in its lifetime. The pervasive nature of data propagation is only increasing as the Internet and data storage systems move towards a distributed cloud-based architecture. As a result, more parties than ever are responsible for effectively sanitizing media and the potential is substantial for sensitive data to be collected and retained on the media. This responsibility is not limited to those organizations that are the originators or final resting places of sensitive data, but also intermediaries who transiently store or process the information along the way. The efficient and effective management of information from inception through disposition is the responsibility of all those who have handled the data.

The application of sophisticated access controls and encryption help reduce the likelihood that an attacker can gain direct access to sensitive information. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization effort having been applied. Consequently, the application of effective sanitization techniques and tracking of storage media are critical aspects of ensuring that sensitive data is effectively protected by an organization against unauthorized disclosure. Protection of information is paramount. That information may be on paper, optical, electronic or magnetic media.

An organization may choose to dispose of media by charitable donation, internal or external transfer, or by recycling it in accordance with applicable laws and regulations if the media is obsolete or no longer usable. Even internal transfers require increased scrutiny, as legal and ethical obligations make it more important than ever to protect data such as Personally Identifiable Information (PII). No matter what the final intended destination of the media is, it is important that the organization ensure that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization or is no longer going to be protected at the confidentiality categorization of the data stored on the media.

Databyte Solution List of Data Sanitization Services

  • Degaussing - Destroys all magnetic domains on magnetic based medium

  • Crushing - Bending of storage medium in half to destroy the read/write head, actuator, controller board and the storage platters

  • Shredding - Disintegration of storage medium into many smaller pieces

  • Erasure (Overwrite, Secure Erase, Cryptographic Erase through native SCSI / SAS / SATA / NVMe interfaces when applicable)


Our equipment and processes will help to satisfy standards including:

  • NSA/CSS/DoD Top Secret

  • NIST SP 800-88r1

  • IRS 1075

  • CCPA (California Consumer Privacy Act)

  • GDPR (General Data Protection Regulation)

  • GLBA (Gramm-Leach-Bliley Act)

  • HIPAA (Health Information Portability and Accountability Act)

  • PCI DSS 3.2 (Payment Card Industry Data Security Standard)

  • PIPEDA (Personal Information Protection and Electronic Documents Act)

  • TAA

Databyte Solution Data Sanitization Equipment

NSA/CSS Evaluated TS-1 Degausser

Rated at 20,000 Gauss / 2 Tesla

Portable DataGauss XL Degausser

Rated at 9000 Gauss / 0.9 Tesla

NSA/CSS Evaluated PDS-100 Crusher

Physically destroys HDDs and SSDs

HDD / SSD Combination Shredder

Shreds up to 5mm blade width