Data Sanitization
Also known as Data Destruction. A process that renders access to target data on the media infeasible for a given level of effort
Data Sanitization / Destruction Services for Organizations
US NIST 800-88 Rev 1 Compliant Data Sanitization Services
Onsite and Offsite Degaussing, Crushing, Shredding, Secure Erasure
ISO 9001 and 14001 Certified Processes with NSA / CSS evaluated equipment
Best Value Guaranteed** for both onsite and offsite service
If your organization is a highly regulated industry (prime examples being the financial, insurance, technology, pharmaceuticals, communication, energy, healthcare, public sector and education industries), Proper data sanitization is essential and not an option or afterthought.
Read our Data Sanitization Guide or Contact us to find out more
Databyte Solution List of Data Sanitization Services
Degaussing
Degaussing applies a strong magnetic field to randomize the stored magentic alignment representing data, making data unreadable.
Crushing
Bending of storage medium in half to destroy the read/write head, actuator, controller board and the storage platters.
Shredding
Shredding destroys any storage medium irreversibly. Each storage medium is disintegrated into hundreds of separate pieces.
Erasure
Overwrite, Secure Erase, Cryptographic Erase. Old data is securely erased and/ or new data is written over.
What is Data Sanitization (Data Destruction)?
Sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort (page iv, NIST SP 800-88 rev 1)
For the generally accepted NIST 800-88 Rev 1 guidelines, it classifies data sanitization into three levels of Clear, Purge and Destroy. All three are generally acceptable methods for data sanitization, and the choice of methods mostly depends on how the user classifies their data importance.
You can read more about the different standards for data sanitization here (NIST 800-88 Rev 1, NSA / CSS 9-12, NSA EPL)
Why Data Sanitization (in short)
For you and your organization's protection!
It is no longer a matter of if, but rather how and when an organization's information and data are breached. End of life data and information breaches are one of the key vectors for a security breach into an organization.
By preventing information breaches when disposing of used IT equipment, organizations can close off one more vector of attack and avoid potential financial losses, lawsuits, or regulatory fines and punishments. According to IBM's Cost of a Data Breach Report, the average per (line) record cost of a data breach in 2021 was USD$161.
Two independent studies conducted by Kessler International and Blancco Technology Group also found that 40% and 67% of the disk drives purchased from ecommerce sites still contained sensitive information from their previous use. These included personally identifiable information, financial information, company emails, spreadsheets and photographs.
Why Data Sanitization (in full)
The modern storage environment is rapidly evolving. Data may pass through multiple organizations, systems, and storage media in its lifetime. The pervasive nature of data propagation is only increasing as the Internet and data storage systems move towards a distributed cloud-based architecture. As a result, more parties than ever are responsible for effectively sanitizing media and the potential is substantial for sensitive data to be collected and retained on the media. This responsibility is not limited to those organizations that are the originators or final resting places of sensitive data, but also intermediaries who transiently store or process the information along the way. The efficient and effective management of information from inception through disposition is the responsibility of all those who have handled the data.
The application of sophisticated access controls and encryption help reduce the likelihood that an attacker can gain direct access to sensitive information. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization effort having been applied. Consequently, the application of effective sanitization techniques and tracking of storage media are critical aspects of ensuring that sensitive data is effectively protected by an organization against unauthorized disclosure. Protection of information is paramount. That information may be on paper, optical, electronic or magnetic media.
An organization may choose to dispose of media by charitable donation, internal or external transfer, or by recycling it in accordance with applicable laws and regulations if the media is obsolete or no longer usable. Even internal transfers require increased scrutiny, as legal and ethical obligations make it more important than ever to protect data such as Personally Identifiable Information (PII). No matter what the final intended destination of the media is, it is important that the organization ensure that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization or is no longer going to be protected at the confidentiality categorization of the data stored on the media.