Also known as Data Destruction. A process that renders access to target data on the media infeasible for a given level of effort
Databyte Solution Data Sanitization / Destruction Services for organizations
US Government NIST 800-88 Rev 1 Compliant Data Sanitization Services
Onsite and Offsite Degaussing, Crushing, Shredding, Secure Erasure
ISO 9001 and 14001 Certified Processes with NSA / CSS evaluated equipment
Auditable processes and Evidence of destruction of storage medium
Best Value Guaranteed** for both onsite and offsite service
If you are a highly regulated industry (prime examples being the financial, insurance, technology, pharmaceuticals, communication, energy, healthcare, public sector and education industries), Proper Data Sanitization is essential and not an option or afterthought.
What is Data Sanitization (Data Destruction)?
Sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort (page iv, NIST SP 800-88 rev 1)
For the generally accepted NIST 800-88 Rev 1 guidelines, it classifies data sanitization into three levels of Clear, Purge and Destroy. All three are generally acceptable methods for data sanitization, and the choice of methods mostly depends on how the user classifies their data importance.
You can read more about the different standards for data sanitization here (NIST 800-88 Rev 1, NSA / CSS 9-12, NSA EPL)
Why Data Sanitization (in short)
For you and your organization's protection!
It is no longer a matter of if, but rather how and when an organization's information and data are breached. End of life data and information breaches are one of the key vectors for a security breach into an organization.
By preventing information breaches when disposing of used IT equipment, organizations can close off one more vector of attack and avoid potential financial losses, lawsuits, or regulatory fines and punishments. According to IBM's Cost of a Data Breach Report, the average per (line) record cost of a data breach in 2021 was USD$161.
Two independent studies conducted by Kessler International and Blancco Technology Group also found that 40% and 67% of the disk drives purchased from ecommerce sites still contained sensitive information from their previous use. These included personally identifiable information, financial information, company emails, spreadsheets and photographs.
Common Methods of Data Sanitization
The degaussing process changes the magnetic domain where data is stored (for magnetic media), and this shift in domain makes data unreadable and unable to be recovered.
HDDs are bent into half, damaging the read/write head, actuator, controller board and most importantly the platters used to store information.
SSD onsite destruction
SSDs are penetrated by multiple spikes, causing irreversible physical damage to the controller and memory chips used to store information.
Shredding destroys any storage medium irreversibly. Each single piece of storage medium is disintegrated into hundreds of separate pieces.
Why Data Sanitization (in full)
The modern storage environment is rapidly evolving. Data may pass through multiple organizations, systems, and storage media in its lifetime. The pervasive nature of data propagation is only increasing as the Internet and data storage systems move towards a distributed cloud-based architecture. As a result, more parties than ever are responsible for effectively sanitizing media and the potential is substantial for sensitive data to be collected and retained on the media. This responsibility is not limited to those organizations that are the originators or final resting places of sensitive data, but also intermediaries who transiently store or process the information along the way. The efficient and effective management of information from inception through disposition is the responsibility of all those who have handled the data.
The application of sophisticated access controls and encryption help reduce the likelihood that an attacker can gain direct access to sensitive information. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization effort having been applied. Consequently, the application of effective sanitization techniques and tracking of storage media are critical aspects of ensuring that sensitive data is effectively protected by an organization against unauthorized disclosure. Protection of information is paramount. That information may be on paper, optical, electronic or magnetic media.
An organization may choose to dispose of media by charitable donation, internal or external transfer, or by recycling it in accordance with applicable laws and regulations if the media is obsolete or no longer usable. Even internal transfers require increased scrutiny, as legal and ethical obligations make it more important than ever to protect data such as Personally Identifiable Information (PII). No matter what the final intended destination of the media is, it is important that the organization ensure that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization or is no longer going to be protected at the confidentiality categorization of the data stored on the media.
Databyte Solution List of Data Sanitization Services
Databyte Solution Data Sanitization Equipment
NSA/CSS Evaluated TS-1 Degausser
Rated at 20,000 Gauss / 2 Tesla
Portable DataGauss XL Degausser
Rated at 9000 Gauss / 0.9 Tesla
NSA/CSS Evaluated PDS-100 Crusher
Physically destroys HDDs and SSDs
HDD / SSD Combination Shredder
Shreds up to 5mm blade width