SECURE DATA WIPING AND ERASURE SERVICES: NO TRACE LEFT BEHIND
As most computer users know, almost any file can be deleted from a hard drive with the click of a mouse. However, this basic method often leaves traces of the data that can be recovered in various ways, so truly secure data wiping requires specific, complex steps.
To render data almost completely irretrievable, the drive must be securely wiped or erased using one or more methods. Wiping a drive usually involves writing new data to the drive that replaces any encoded information with only zeroes or ones. This works because all digital data is stored as binary code, which is composed of a series of zeroes and ones.
Common methods for secure data erasure and proper data wipes
NIST SINGLE PASS
A protocol developed by the National Institute of Standards and Technology that overwrites data with just one pass of either all zeroes or random characters. Revised in 2012 to include three types of media sanitization. Read more in our blog post The Efficiencies of NIST Compliant Data Sanitization.
- Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple noninvasive data recovery techniques; it is typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).
- Purge applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques.
- Destroy renders target data recovery (using state-of-the-art laboratory techniques) infeasible and results in the subsequent inability to use the media for storage of data.
DOD 3 PASS
The U.S. Department of Defense adheres to a standard protocol for data erasure from all devices that don’t contain classified information. This standard can also be employed by ordinary computer users with the proper tools. The DOD 3 Pass method overwrites all data in three separate processes, first by writing only zeroes over the data, then only ones, and finally a random character. Up until recently, this method has been the standard practice for peace of mind. Now, however, NIST Single Pass (see above) is becoming acceptable as the standard for some industries.
DOD 7 PASS
A drive wipe standard identical to the three-pass protocol, but with each step repeated an additional four times.
GUTMANN
Named after its developer, the Gutmann algorithm is a method of disk wiping that overwrites data using a total of 35 passes. This makes it one of the most secure data erasure methods, but also the most time-consuming.
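The overwrite methods above differ only in how many passes they make and what each pass writes. The following Python sketch is an added example, not code from this page or from any wiping product: it applies the DOD 3 Pass sequence described above (zeroes, ones, random) to a constructed image file standing in for a drive and verifies each pass by reading it back. The function names, the `SCHEMES` table and the sample marker are assumptions, and it only reaches user-addressable space, the scope NIST calls Clear.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per write

# Pass sequences as described above; None means a pass of random data.
SCHEMES = {"nist_single_pass": [0x00], "dod_3_pass": [0x00, 0xFF, None]}

def overwrite_pass(path, fill):
    """Overwrite every byte of `path` in place, then read it back.
    Returns True when the read-back hash matches what was written."""
    remaining = os.path.getsize(path)
    written, read_back = hashlib.sha256(), hashlib.sha256()
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            chunk = os.urandom(n) if fill is None else bytes([fill]) * n
            f.write(chunk)
            written.update(chunk)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push this pass out of the OS write cache
        f.seek(0)
        # Note: on a real drive the verify read should bypass the page cache.
        for block in iter(lambda: f.read(CHUNK), b""):
            read_back.update(block)
    return written.digest() == read_back.digest()

def wipe(path, scheme):
    """Run each pass of `scheme` in order; return per-pass verification results."""
    return [overwrite_pass(path, fill) for fill in SCHEMES[scheme]]

def demo():
    """Constructed sample: a 3 MiB image file seeded with a marker string."""
    marker = b"CUSTOMER-RECORD-0001"  # constructed data, not from the page
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write((marker * 1000).ljust(3 * CHUNK, b"\x00"))
    try:
        results = wipe(img.name, "dod_3_pass")
        with open(img.name, "rb") as f:
            data = f.read()
        return results, marker in data, len(data)
    finally:
        os.remove(img.name)

if __name__ == "__main__":
    print(demo())  # ([True, True, True], False, 3145728)
```

Recording the per-pass verification result alongside the drive's serial number gives an erasure record that can be audited later.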
The primary benefit of data wiping and erasure is that it can often be done on-site with widely available software tools. It also allows the drives to be reused and sold even after wiping, as long as the new user can format them properly. The primary drawback of this method is the time involved. A single pass of data erasure might take several hours to perform. This time can quickly add up when working with many devices. Working with an ITAD partner allows data wiping to be performed at scale, saving time and related effort.