
What is Data Sanitisation?

Data sanitisation is the removal and erasure of sensitive data in such a way that it cannot be recovered by any means.

There are two parts to this definition:

  • Data must be removed and erased permanently.
  • Data can’t be retrieved even by forensic experts.

With ever more data being collected at every point of our digitised lives, it is essential that whatever is no longer needed is destroyed immediately and efficiently.

Data sanitisation has become more important over the past decade, and strict guidelines about data erasure have evolved and become part of legislation. References to data sanitisation and how exactly it is to be performed are provided in the Sarbanes-Oxley Act (US law related to accounting procedures) and HIPAA (Health Insurance Portability and Accountability Act).

Many other nations have their own standards, e.g. GOST-R-50739-95 (Russia) and HMG IS5 (Britain), or use international best practices as outlined in PCI DSS.


Why is it Important to Your Business (and personal life)?

This should be self-explanatory, but unfortunately, too many have a rather naïve approach to data sanitisation.

The problem begins with the deletion of files. With Windows 95, we became used to right-clicking on any file or folder and selecting delete. It would magically disappear in front of our eyes. Then we click “Empty Recycle Bin”, and most of us believe the file is gone. Nothing could be more misleading.

All that deletion does is remove the file system's pointer to the file; the contents stay where they were.

It is like deleting a phone number from the directory. That does not mean the number is no longer in use. Data sanitisation, on the other hand, is a much more comprehensive process. Data sanitisation erases data by writing random 1s and 0s on every track of the disk.

Assume that the original file was a Word document that read “Mr X lives at 3339 Longshore Drive”

It would be written on the hard disk as:

“01001101 01110010 00100000 01011000 00100000 01101100 01101001 01110110 01100101 01110011 00100000 01100001 01110100 00100000 00110011 00110011 00110011 00111001 00100000 01001100 01101111 01101110 01100111 01110011 01101000 01101111 01110010 01100101 00100000 01000100 01110010 01101001 01110110 01100101”

The Word document was deleted, but the string above remains on the hard drive! Anyone who knows binary can translate the string back with software (or by hand).

When it is erased, the same sector would read:

“00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000”.

Usually, not one but two passes are made (two rounds of zero filling), because there is a fear of remnants after a single pass.

reference: https://security.stackexchange.com/questions/10464/why-is-writing-zeros-or-random-data-over-a-hard-drive-multiple-times-better-th
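
The difference between deleting and erasing, as an added example that is not part of the original article. The in-memory "disk", the ToyDisk class, its directory layout and the 64-byte sector size are assumptions made for illustration; the sample sentence is the one used above.

```python
# Added example: a constructed in-memory "disk", not a real file system.
SECTOR = 64
SECRET = b"Mr X lives at 3339 Longshore Drive"   # the article's sample text

class ToyDisk:
    """A flat byte array plus a directory mapping file names to sectors."""
    def __init__(self, sectors=8):
        self.raw = bytearray(SECTOR * sectors)
        self.directory = {}                      # name -> (sector, length)

    def write_file(self, name, data, sector):
        if len(data) > SECTOR:
            raise ValueError("file larger than one sector")
        start = sector * SECTOR
        self.raw[start:start + len(data)] = data
        self.directory[name] = (sector, len(data))

    def delete(self, name):
        # "Delete" + "Empty Recycle Bin": only the directory entry goes away.
        return self.directory.pop(name)

    def sanitise(self, sector):
        # Data erasure: overwrite every byte of the sector with zeroes.
        start = sector * SECTOR
        self.raw[start:start + SECTOR] = bytes(SECTOR)

def to_bits(data):
    """Render bytes the way the article prints them: 8-bit groups."""
    return " ".join(f"{b:08b}" for b in data)

def from_bits(bits):
    """Translate a string of 8-bit groups back into bytes."""
    return bytes(int(group, 2) for group in bits.split())

def carve_text(raw, min_len=8):
    """Scan raw bytes for runs of printable ASCII, ignoring the directory."""
    runs, current = [], bytearray()
    for b in raw + b"\x00":                      # sentinel flushes the last run
        if 32 <= b < 127:
            current.append(b)
        else:
            if len(current) >= min_len:
                runs.append(bytes(current))
            current = bytearray()
    return runs

def demo():
    disk = ToyDisk()
    disk.write_file("address.doc", SECRET, sector=3)
    sector, _ = disk.delete("address.doc")
    after_delete = carve_text(disk.raw)          # directory is already empty
    disk.sanitise(sector)
    return disk.directory, after_delete, carve_text(disk.raw)
```

After `delete` the directory is empty yet the raw scan still returns the full sentence; only after `sanitise` does the scan come back empty.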

Data sanitisation is crucial for keeping data out of the wrong hands.


What Types of IT Assets Must be Subject to Data Sanitisation?

  • Hard disk drives
  • Solid state drives
  • USB drives
  • Phones
  • Memory cards

DVD discs cannot be erased and must be destroyed.


Methods of Data Sanitisation

  1. Physical Erasure

This is the crudest and quickest way to erase data. Take a hammer to the hard drive (or SSD) and whack it out of shape. There is no way it would work again. The same can be done with any other type of storage device. However, be vigilant that you actually destroy the storage itself; e.g. when you destroy a phone, make sure you don’t leave the internal storage intact.

Another way is degaussing. Place the hard disk in a magnetic field and the data will be destroyed. Degaussing does not work with solid-state disks or USB drives.

  2. Cryptographic Erasure

If the data has been stored using a cryptographic key, then all that is needed to destroy the data is the destruction of the key. Let’s assume a server disk has 500 patient files in a folder. The folder is locked with a 16-digit alphanumeric key. To secure the data, it is enough to throw away the key (erase it). But the key has to be strong enough to withstand future attempts to decode it.

The huge advantages of this method are:

  • It is cost-effective and fast.
  • The drive can be easily sold to ITAD agents.

  3. Data Erasure

Storage media of any type store data as bits and bytes. Data erasure consists of overwriting all the bits (the smallest unit of data) with 0. Zero filling can continue with a second pass in which random 0s and 1s are written to the disk. The specific order of overwriting varies slightly depending on the standard used.

Some examples:

  • NIST SP-800-88 Rev uses a single pass of all zeroes.
  • HMG InfoSec Standard 5 uses all zeroes, followed by all 1s followed by random characters.
  • U.S. DoD Unclassified Computer Hard Drive Disposition uses a character (say A, which is 01000001), followed by its complement, 10111110, followed by a random pattern.
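
The pass sequences listed above, as an added example that is not part of the original article and is not BitRaser's code: each pass overwrites a target and is verified by reading the data back. It assumes the target is an ordinary image file on a POSIX system; the scheme names and the 4096-byte chunk size are labels chosen here.

```python
import hashlib
import os

# Pass patterns as the article lists them; None means a pass of random bytes.
SCHEMES = {
    "single-zero": [0x00],
    "zero-ones-random": [0x00, 0xFF, None],
    "char-complement-random": [0x41, 0x41 ^ 0xFF, None],  # 'A', then 10111110
}
CHUNK = 4096   # assumed write size for this example

def overwrite_pass(f, size, fill):
    """Write one full pass over the target; return SHA-256 of what was written."""
    digest = hashlib.sha256()
    f.seek(0)
    for offset in range(0, size, CHUNK):
        n = min(CHUNK, size - offset)
        block = os.urandom(n) if fill is None else bytes([fill]) * n
        f.write(block)
        digest.update(block)
    f.flush()
    os.fsync(f.fileno())               # push the pass out of the OS cache
    return digest.hexdigest()

def read_back(f):
    """Hash the target's current contents to compare against a pass."""
    digest = hashlib.sha256()
    f.seek(0)
    while chunk := f.read(CHUNK):
        digest.update(chunk)
    return digest.hexdigest()

def erase(path, scheme):
    """Run each pass of a scheme; return (pass number, pattern, verified)."""
    size = os.path.getsize(path)
    report = []
    with open(path, "r+b") as f:
        for number, fill in enumerate(SCHEMES[scheme], start=1):
            written = overwrite_pass(f, size, fill)
            label = "random" if fill is None else f"0x{fill:02X}"
            report.append((number, label, read_back(f) == written))
    return report
```

The read-back here may be served from the operating system's cache, and on flash media an in-place overwrite of a file does not guarantee that every physical cell is rewritten, so treat the report as a check of the logic rather than proof of media-level erasure.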


Use BitRaser to Wipe Your Devices

We made BitRaser so you can wipe data from any type of hard drive and storage device. BitRaser runs from a USB and wipes data securely without leaving a single bit intact. If you want 100% sanitisation with complete accuracy, BitRaser can wipe data and generate a report for the audit trail.

The BitRaser tool has been specially designed so that customers can erase storage media themselves, without any special training, and be sure that they have done it right. It can be used by businesses before they dispose of their devices periodically or by ITAD and refurbishers who regularly buy old servers, laptops, and phones. If you are looking for a data sanitisation solution look no further.


Features of BitRaser

  • Boots from USB to both BIOS and UEFI
  • Erases hard drives, solid state drives, USB drives, memory cards, phone storage
  • Works with all types of interfaces—SATA, PATA, IDE, SCSI, etc
  • Supports 24 global erasure standards, including GDPR and HIPAA.
  • Cloud-based for maintaining reports and remote wiping across the enterprise
  • Erases hidden areas such as DCO and HPA
  • Works with x86 and x64 architecture
  • Can erase 32 devices at the same time
  • Supports erasure of hard drives with multiple block sizes

BitRaser understands the importance of data sanitisation like no one else. Our software is trustworthy and flexible to suit every budget. BitRaser is trusted by many MNCs, such as Samsung, Accenture, Nikon, Google, and Coca-Cola, to erase their data. Let us help you keep your business to yourself.
