FAQ / SAQ
Frequently Asked Questions / Should Ask Questions
FAQ: What Data Sanitization options are available?
Overwriting (via software)
Native Interface Secure Erasure (SCSI, SATA, NVMe)
Cryptographic Erase (CE)
Degaussing (for HDDs, LTO and other magnetic media only)
Crushing / Bending
FAQ: I am confused by all these different Data Sanitization standards such as NIST, NSA, CSS, DOD, FIPS, etc. Could you explain them to me?
All the different standards, be it NIST 800-88 Rev 1 or dod 5220.22-m, simply provide guidelines for media sanitization.
The current best practices would be to adhere to the guidelines of the NIST 800-88 Rev 1 as it is one of the most current and updated for current storage medium technology.
Find out more about NIST 800-88 Rev 1 here
SAQ: What are the Minimum standards for Sanitizing Data?
A bare minimum would be to overwrite all storage sectors with zeroes, and/or do secure erase methods on storage medium using native SATA, SCSI or NVMe commands. These can be done through software in-house at most organizations. A simple format is simply NOT enough for most storage devices. With an overwrite and secure erase methods, it would take a laboratory to even have a very slim (close to nothing) chance of recovery for even a tiny percentage of the data. The catch for these software methods is that they should be done by personnel with experience who understand how storage medium work. For example, running a overwrite on a SSD is not considered secure.
For high importance data, physical destruction is recommended for the storage devices. Done in tandem with overwriting or secure erase methods, there is zero chance of recovery of data from any of these storage medium. Some of the physical destruction methods alone such as degaussing, or shredding (to a fine enough degree), are sufficient to guarantee destruction of the data.
SAQ: How would i know whether my storage medium and data has been truly destroyed?
For full traceability and compliance, all the serial numbers of the storage medium should be documented.
One option is to opt for onsite destruction services and witness your storage medium sanitized in front of you at your premises.
If an onsite cannot be arranged (due to cost economics or other environmental factors), Databyte Solution can provide either a software log or picture / video of every piece of storage medium that has been physically destroyed by our crusher or shredder.
These provide all our partners peace of mind and a fully auditable evidence trail.
SAQ: What other measures can organizations take to prevent data breaches?
Organizations can do their part by educating members on cyber security measures and implementing control measures such as controlling user access to information, timely software updates and patching, scheduled data backups, forced password changes with minimum password complexity, 2 factor authentication and drive encryption, amongst many other measures.