Achieving a secure wipe

Date: 2021-10-20 Tags: Security, Regulations, Data Wipe Standards, Data Sanitisation, Data protection, Redkey USB
Gareth Owen, managing director of Redkey USB, delves into the world of Data Wipe Standards and, where there is any doubt or confusion, advises how organisations can handle this process responsibly.

When a computer is liquidated, recycled or repurposed, it is standard practice to sanitise all user data. Typically, this involves erasing the contents of the hard drive to eliminate the possibility of a data breach.

Various regulations exist to ensure organisations handle this process responsibly, so most organisations will either take care of the process in-house or outsource the procedure altogether.

Except in the case of physical destruction, a certified data wipe product will likely be at the heart of the process and, with this, a data wipe 'Standard' will be applied.

Data wipe standards provide a convenient, defined and repeatable process. If a data wipe standard is already specified within organisational policy, then little consideration is required. However, if a specific standard is not established, or you suspect your current procedure is inadequate, where do you start?

Traditionally, data wiping involves overwriting a drive with a continuous stream of binary data until the drive is full. This has the effect of destroying any previously stored information.

Conventional data wipe standards, such as US 'DOD' and the 'Gutmann 35 pass' wipe method, may sound familiar, but it's common knowledge that traditional data wipe standards are ineffective with modern drives. For example, SSDs and NVMe drives use internal wear management, causing part of the storage medium to be hidden from the user.

More than one method of sanitising a drive has existed for some time now. Drives can now be wiped internally and securely. The introduction of the ATA command set made it possible to interact directly with the internal functions of a drive. With the right tool, modern drives can be instructed to self-erase. Even more modern drives use the NVMe command set, which implements similar internal erase functions.

A fringe benefit of employing these methods is that the process is relatively fast, because internal erasing is not hampered by any sort of interface bottleneck. However, support for the ATA/NVMe command sets varies between drives, because the implementation of the erase functions is manufacturer dependent. Also, it is not always possible to be 100% sure that a data wipe has been successful when using internal erasure alone.

Besides this, many internal erase compatible drives contain 'hidden areas', such as the Host Protected Area (HPA) and Device Configuration Overlay (DCO). These hidden areas are not ordinarily accessible, yet can potentially hold any form of sensitive data, including malware. Therefore, it's essential that your data wipe standard incorporates the elimination of hidden areas into its process.
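A pre-wipe check for one of the hidden areas described above, as an added example that is not part of the original article. It assumes a Linux host where the drive's visible and native sector counts are read with `hdparm -N`; the function names and the sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a Host Protected Area (HPA) before wiping.
# Assumption: the report comes from `hdparm -N <device>`, which prints a line
# of the form "max sectors = <visible>/<native>, HPA is enabled|disabled".

# Read an `hdparm -N` report on stdin and print the number of hidden sectors.
# Returns 0 = nothing hidden, 1 = sectors hidden, 2 = report not understood.
hpa_hidden_sectors() {
    _line=$(grep -E 'max sectors[[:space:]]*=[[:space:]]*[0-9]+/[0-9]+' | head -n 1)
    [ -n "$_line" ] || return 2
    _pair=$(printf '%s\n' "$_line" |
        sed -E 's#.*=[[:space:]]*([0-9]+)/([0-9]+).*#\1 \2#')
    _visible=${_pair% *}
    _native=${_pair#* }
    # Compare the numbers instead of trusting the trailing status text.
    [ "$_native" -ge "$_visible" ] || return 2
    echo $(( _native - _visible ))
    [ "$_native" -eq "$_visible" ]
}

# Turn the result into a go/no-go line for a wipe log.
hpa_verdict() {
    _hidden=$(hpa_hidden_sectors) && _rc=0 || _rc=$?
    case $_rc in
        0) echo "OK: no HPA, full native capacity is visible" ;;
        1) echo "STOP: $_hidden sectors hidden by HPA, reset before wiping" ;;
        *) echo "UNKNOWN: could not read sector counts, do not certify" ;;
    esac
    return "$_rc"
}

# Constructed sample reports (not captured from a real drive).
SAMPLE_HPA='/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'
SAMPLE_CLEAN='/dev/sdX:
 max sectors   = 586072368/586072368, HPA is disabled'

printf '%s\n' "$SAMPLE_HPA"   | hpa_verdict || true
printf '%s\n' "$SAMPLE_CLEAN" | hpa_verdict || true
```

This covers the HPA only; a DCO can also reduce the reported native capacity and needs its own check before the drive is certified as wiped.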

The most secure data wipe standards must then eliminate any hidden areas before wiping a drive, using a combination of both internal and external erasing methods. More modern standards, such as AGISM (Australian Government Information Security Manual), BSI-GSE, NIST 800-88 Purge and the ADISA Certified Redkey Level 1 standard, already incorporate this degree of complexity into their processes, so they are firmly compliant with respect to GDPR, HIPAA and NIST guidelines for data destruction.

However, one minor drawback of the most secure data wipe standards is that they can be time-consuming and perhaps even overkill for some low-risk situations, for example when a computer is redeployed internally within an organisation. Under such circumstances, a more efficient HPA and DCO Reset, combined with a secure erase, may suffice.