
An Updated List of Data Erasure Standards

Data erasure involves a comprehensive removal of sensitive information from storage media devices to prevent recovery by malicious hackers. Both private and public organizations often handle data containing sensitive information about clients, customers, or employees. Such information can end up in the wrong hands during a data breach and result in extremely damaging consequences for a business. To prevent unauthorized access, private organizations and government agencies have tried to establish a secure and well-defined procedure for the erasure process. 

Most data erasure standards leverage software solutions (e.g., wiping software) to encrypt or overwrite sensitive data that needs purging. Unlike physical destruction (degaussing, shredding, storage media incineration, etc.), software solutions ensure that the storage media device remains intact. Subsequently, one can carry out verification and validation, which are the last stages of the data sanitization process.

Among the different standards known, the ones established by the Department of Defense (DoD) and the National Institute of Standards and Technology (NIST) are the most common across the United States. However, companies or private organizations often find the DoD and NIST regulatory procedures complicated due to the multiple standards involved and the high cost of execution. 

Fortunately, there are even more options available. This article covers the different data erasure standards available to you.

Air Force system security instruction 5020

Also known as AFSSI-5020, this standard was developed by the U.S. Air Force in 1996 and requires three passes. In the first destructive sequence (the first pass), the standard mandates that a fixed value (usually 0s) overwrites the storage media. In the second sequence (the second pass), another fixed value (often 1s) overwrites the storage media. Subsequently, the media is overwritten by randomly selected values in random order. After the third overwrite (the third pass), the device can undergo certification to complete the sanitization process.

Tip: During the standardized data destruction process, the data overwrite process is often carried out multiple times. Also referred to as passes, the idea is to ensure thoroughness and eliminate any chance of recovering the erased data.

Aperiodic random overwrite/random

Aperiodic random overwrite uses random values to overwrite different sections of the storage drive. Each unit of the drive or disk is assigned a different value and pattern instead of the otherwise blanket values used in rewriting in other standards. The additional complexity and break in the pattern call for just one pass before the verification procedure.

Blancco SSD erasure

Blancco is an international company that, since the beginning of the 21st century, has been working with governments and major corporations on secured data erasure. Their erasure standards for solid-state drives (SSDs) encompass random overwrites, freeze lock removal, data wiping at the firmware level, and, lastly, complete verification. The process leverages many standard SSD sanitization protocols to create a more comprehensive erasure process for SSDs. Only Blancco knows the precise number of passes used in the entire process.

Bruce Schneier’s algorithm

Bruce Schneier's algorithm, also known as Blowfish, is a seven-pass encryption algorithm. The algorithm is named after its developer and exists as an open-source encryption algorithm that has found significant usage in data erasure processes. The process involves encoding data with binary information of 1s and 0s, followed by an overwrite with random characters. Blowfish ensures that a malicious actor cannot recover or retrieve sensitive data in any readable format after erasure.

BSI-2011-VS

The BSI-VS was the data erasure standard initially developed by the German Federal Office for Information Security known as BSI. The procedure involves two passes and two verifications to guarantee effective erasure. It was the recommended approach to secure data destruction for government and private agencies.

BSI-GS

The German Federal Office for Information Security now recommends a one-pass data sanitization procedure called the BSI-GS. The process involves the removal of hidden drives (HPA/DCO) where they are present on laptops or mobile devices. You then overwrite the drive with aperiodic random data. Subsequently, firmware-level data erasure is executed and verified depending on the electronic media involved. The process requires just one pass, and the results quickly pass verification without a hitch.

CESG CPA – higher level

The CESG CPA-higher level is the standard established by the U.K. government's National Technical Authority for Information Assurance, a body whose core responsibility is data security: protecting sensitive data and equipment used by the U.K. government. The procedure involves three passes (1s, 0s, random) with verification executed after each overwrite.

Cryptographic erasure (crypto erase)

The cryptographic erasure procedure uses a different approach that involves less overwriting and more encryption. The focus is to prevent unauthorized access to stored data on your storage media. The procedure deletes its encryption key, leaving the encrypted data on the drive unreadable. Once activated, cryptographic erasure follows the native command of the storage drive. Therefore, it only functions in storage devices with built-in support.

DoD 5220.22-M ECE

The U.S. Department of Defense established the data erasure procedure called DoD 5220.22-M ECE in 2001 to guide secure data destruction for government and private organizations. The process is extensive and requires seven passes.

 

The first three passes of the process involve two overwrites using the DoD 5220.22-M algorithm separated by a different pass (DoD 5220.22-M (C) standard). The first three passes are followed by a binary overwrite starting with three keys of 0s, followed by a single overwrite of 1s, making the sixth pass. The last of the passes uses a random pattern of values. Subsequently, you initiate a verification procedure after the overwrite to conclude the procedure.

Firmware-based erasure

Employing a firmware-based erasure will depend on the pre-programmed encryption or overwriting protocols on your storage device. A firmware-based erasure functions by triggering the accompanying erasure protocol of a storage device. It facilitates data wiping or encryption of your storage device (drive) in two passes. Therefore, it prevents data recovery across all sections in HDDs and SSDs. The next stage is to verify the overwrite. However, not every storage medium (hard drive, flash drive, or SSD) comes with a firmware erasure protocol.

HMG infosec standard 5

The HMG infosec standard five, otherwise known as the HMG IS5, is a media sanitization procedure set by the Communications-Electronics Security Group for use by the British government. HMG IS5 uses a sanitization algorithm that involves overwriting a device's data in one pass with binary zeros, followed by a verification procedure. The advanced version of the process adds two additional passes of 1s and random characters — making it three passes (0s, 1s, random) before the verification.

National Computer Security Center (NCSC-TG-025)

The NSA developed its data erasure standard in 2000. Commonly known as the NCSC-TG-025, the process uses three passes and necessitates verification after each pass. The first pass writes binary 0s over a hard disk drive, the second pass writes 1s, and the last pass writes random values.
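The overwrite-and-verify loop behind the AFSSI-5020, HMG IS5 and NCSC-TG-025 entries above, as an added example that is not part of the original article or of any vendor's product. It runs against a constructed temporary file standing in for a drive; the scheme table, the function names and `disk.img` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # bytes per write/read
# (fills, verify_after_each_pass) as this article describes them; None = random.
SCHEMES = {
    "AFSSI-5020": ([b"\x00", b"\xff", None], False),
    "HMG IS5 baseline": ([b"\x00"], False),
    "NCSC-TG-025": ([b"\x00", b"\xff", None], True),
}

def write_pass(path, size, fill):
    """Overwrite `size` bytes in place; return SHA-256 of the data written."""
    h = hashlib.sha256()
    with open(path, "r+b") as f:
        for off in range(0, size, CHUNK):
            n = min(CHUNK, size - off)
            block = os.urandom(n) if fill is None else fill * n
            f.write(block)
            h.update(block)
        f.flush()
        os.fsync(f.fileno())  # force the pass out of the OS write cache
    return h.hexdigest()

def read_back(path):  # SHA-256 of what the target holds now
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def sanitize(path, scheme):
    """Run a schedule; return [(pass_no, fill, verified)], raising on mismatch."""
    fills, verify_each = SCHEMES[scheme]
    size, report = os.path.getsize(path), []
    for i, fill in enumerate(fills, 1):
        written = write_pass(path, size, fill)
        check = verify_each or i == len(fills)  # final pass is always verified
        if check and read_back(path) != written:
            raise OSError(f"{scheme}: pass {i} failed read-back verification")
        report.append((i, "random" if fill is None else fill.hex(), check))
    return report

def demo(scheme):
    with tempfile.TemporaryDirectory() as d:  # hypothetical stand-in for a drive
        path = os.path.join(d, "disk.img")
        with open(path, "wb") as f:
            f.write(b"CONSTRUCTED-SECRET " * 10000)  # constructed sample data
        return sanitize(path, scheme), read_back(path)
```

On real media the read-back has to bypass the operating system's cache, and overwriting a file or logical device does not reach remapped or hidden areas, which is the gap the firmware-based and cryptographic methods in this list address.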

Navy Staff Office Publication (NAVSO P-5239-26)

NAVSO P-5239-26 is a data erasure standard defined by the U.S. Navy and involves three passes, or data overwrites. The first pass uses a well-defined set of characters to cover the original data set. The second pass writes the complementary sequence of characters to the ones used in the first. The last pass writes random characters over your IT assets. A verification procedure ends the process. The approach ensures that all software-based and most hardware-based file recovery methods cannot extract information from the drive.

NIST 800-88

The NIST 800-88 is one of the most popular data erasure standards in the U.S. Established by the National Institute for Standards and Technology, the standard addresses all hidden hard drive sections. It uses logical protocols to sanitize these sections. The device is subsequently overwritten to make its data impossible to recover.

The NIST 800-88 employs firmware erasure when it is available. However, if firmware erasure is unavailable on a drive, NIST 800-88 restores the hard drive or storage media to factory settings and wipes it clean of data before overwriting. It is a one-pass process that ends with a verification.

Gutmann method

The Gutmann method is a data erasure standard developed by Peter Gutmann and Colin Plumb in 1996. The process involves using an algorithm that writes a series of 35 patterns over electronic media to wholly and securely erase the data on it. The Gutmann method is exhaustive, requiring 35 passes (four random, 27 complex, four random).

NSA 130-1

The NSA 130-1 is an advanced standard published by the National Security Agency that uses a three-pass overwrite. A random value overwrites the drive or storage media in the first two passes. A known value overwrites the storage media in the last pass (the third pass). The process ends with a verification of the writes.

OPNAVINST 5239.1A

This is another efficient data erasure standard established by the U.S. Navy. The approach involves three passes, or data overwrites. The storage device or drive is overwritten with a random value in the first pass. The last two passes overwrite the drive with static values, followed by a verification procedure.

Sanitize used phones with speed and accuracy with Phonecheck

Most efficient and comprehensive data erasure software is costly. Therefore, firms are caught between choosing software that guarantees thorough data erasure at a high cost or a cost-effective one that may not guarantee complete data erasure. However, with Phonecheck, you don't need to sacrifice affordability for efficiency. 

Phonecheck Pro Version 1 offers the right mix of speed, accuracy, efficiency, and affordability in enterprise data erasure. Having undergone a claim test and passed certification by ADISA, it only makes sense to call it one of the most reliable industry-standard erasure software for mega-corporations and small businesses. ADISA sets the standard for data disposal services.

Request a demo today to see first-hand how Phonecheck sanitizes your phone data beyond the scope of recovery — while keeping your device in great shape for resale.

Copyright © 2024 Phonecheck, LLC.