Data Sanitisation - What Teknobu Offer
Teknobu are pleased to offer certified data sanitisation solutions to meet all of your business needs, our software is certified for comprehensive data sanitisation on SSD (Solid State Drives) and MHD (Magnetic HDD) storage media.
The guide below offers some insights into what data sanitisation is and what we can cover as a service provider, we are also more than happy to discuss your needs to build a bespoke package or can offer advice on best practices. This guidance is suitable for any organisation wishing to ensure that their data held on storage media cannot be read by unauthorised parties after it has left organisational control.
Any data which is sensitive to your business should be removed from the media which stored it; just hitting ‘Delete’ isn’t enough.
Sanitisation is the process of treating data held on storage media to reduce the likelihood of retrieval and reconstruction to an acceptable level. Some forms of sanitisation will allow you to re-use the media, while others are destructive in nature and render the media unusable.
When should I think about sanitising media?
There are a number of circumstances in which you’ll want to sanitise storage media:
Re-use: When you want to allocate a device to a different user or repurpose some equipment within your organisation. You may also want to re-sell unwanted equipment so that it can be re-used elsewhere.
Repair: You may need to return a faulty device to the vendor for repair or replacement.
Disposal: You may wish to sanitise unwanted media before it is passed outside of your organisation — especially if you have limited confidence in the third party you have contracted to dispose of it on your behalf.
Destruction: You may have the means to destroy some media on your own site, or you may wish to send your media off site for destruction.
In all cases, the media will be outside its normal operating environment and is therefore subject to greater risk — from a different set of users, from third parties, or from less trusted organisations and individuals.
The risks of not sanitising
If data bearing surfaces are not treated properly, sensitive data may remain. This could result in the following problems for your business:
- unknown whereabouts of sensitive data
- loss of control over your information assets
- critical data could be recovered and used by adversaries or competitors
- private or personal data about your customers or staff could be used to commit fraud or identity theft
- your intellectual property could be recovered and published openly, leading to loss of reputation and revenue
- Lost or stolen equipment
Managing your storage media risks
In order to best manage the risks associated with sensitive data held on storage media, you should:
- understand your data and its potential value outside your organisation
- understand the cost of sanitisation and add it to your procurement costs. Set aside some budget to address sanitisation.
- have a re-use and disposals policy in place, with key roles understood by everyone in your business
- know what technologies you are using
- record the lifecycle of your storage media (what is it being used to store, where, and for how long?)
- use trusted third parties and hold them to recognised standards
- obtain destruction certificates from third party destruction services
- ensure destruction processes and equipment are periodically tested
- verify that your data is being sanitised appropriately
- before disposal, remove all labels or markings that indicate ownership of the device (or the nature of the data contained)
Factors to guide your disposal policy
The following cost and risk considerations should be used to help inform your policy regarding the disposal of storage media:
- Consider your obligations to comply with environmental policy (for example WEEE).
- How do you plan to get the most out of equipment during its useful life? For example, could expensive smartphones be reset and re-used within your business until they reach the end of their useful lives?
- Are there policy constraints around the donation or re-sale of certain equipment?
- How much physical storage space do you have to store end-of-life equipment, and what are the security arrangements around storage?
- How long do you need to store end-of-life equipment before accumulating a volume which is economically viable to dispose of?
- Do you have any data in the cloud? You should always seek assurance from cloud providers that your data will continue to be adequately protected from unauthorised users after a contract expires (that is, until remnants of the data are eventually overwritten).
- Storage media technologies
- To help your sanitisation planning, with the above considerations, we list all the major storage technologies below. We include this information simply as an aid to your thinking; you may wish to adapt to ensure your approach is suitable for the situation in your particular organisation.