Whether you’re a tech guru or just go online to check your email once in a while, you’ve probably heard the buzz phrase “media sanitization” a time or two. Putting devices through a sanitization process means that the information security on those devices has been greatly enhanced.
Sanitization methods vary by degree and ease. They help protect cell phones and other mobile devices that store data from having sensitive data retrieved by unauthorized entities. This article clearly defines media sanitization, discusses the most common methods through which it is achieved, and details why it is important.
Media sanitization, sometimes referred to as “data sanitization,” is media destruction conducted in a way that reasonably guarantees sensitive information cannot be easily reconstructed or retrieved. In large company settings, a security officer typically carries out sanitization procedures as part of their job.
For consumers, sanitization techniques are available through a wide range of programs designed for this purpose. The type of sanitization needed may also depend on the type of media in question.
The National Institute of Standards and Technology (NIST) has set up three media sanitization categories: clear, purge, and destroy. Because sanitization is needed throughout the life cycle of any information system, NIST has set guidelines to offer system owners practical help in making sanitization decisions. NIST 800-88 provides this guidance and helps users properly categorize the confidentiality of sensitive information.
The principles behind the NIST Special Publication 800-88 apply to all kinds of data storage technologies, including those that have not yet been fully developed. Flash-based and magnetic media technologies define most of our mobile devices, servers, and USB drives, so many of the NIST 800-88 compliance standards refer to these types of storage.
While it may seem simple to throw old devices or hard drives away, NIST guidelines are adamant that this is not a safe way to conduct media sanitization. Data recovery and corresponding reuse are highly accessible by third parties where proper media sanitization techniques have not been implemented. To ensure that sensitive data on your storage devices is truly as protected as possible, NIST recommends only the following three methods of data destruction.
Some may think that simple deletion is clearing, but this is incorrect. Clearing protects confidential information from retrieval by disk drives or data file recovery programs. The main component of clearing is keystroke resistance concerning attacks or recovery attempts made by cryptographic scavenging tools designed to harvest data.
Overwriting is one acceptable method of clearing. This method of destroying digital media simply writes over sensitive data on solid-state drives, hard disks, and floppy disks. Clearing as a sanitization method is useful for protecting data that will be reused by the same agency and will not be exiting that agency’s control in the meantime.
Some types of electronic media would not be conducive to a clearing approach. You should consider purging to protect confidential data against a laboratory attack. One caveat here is Advanced Technology Attachment (ATA) disk drives. These are disk drives that were created after 2001 and are over 15 GB. For ATA disk drives, clearing and purging are the same process.
A laboratory attack consists of a threat to storage media recovery that is occurring outside of that media’s normal operating environment. Generally, such attacks are managed by trained personnel using signal processing equipment. Examples of purging sanitization tools would be degaussing and performing the firmware Secure Erase command (for ATA disk drives).
Destruction is the last and most comprehensive form of media sanitization. Physical destruction of information technology can be accomplished through shredding, pulverizing, incineration, melting, and disintegration. Destroying is the best method of sanitization for media that will never be reused and for which there is no need for retention.
Media sanitization is crucial for businesses and individuals because it protects sensitive information that can be misused if confiscated by unauthorized parties. Businesses that are disposing of copiers or hard drives need to be mindful of how and where those devices are removed. Consumers interested in the used technology market should be alert to the dangers of exposing sensitive information, even accidentally.
Failure to take adequate sanitization steps can expose your company to information and identity theft. Likewise, individuals buying or selling used phones, tablets, or other mobile devices need to be aware so they don’t unintentionally expose their own private data or accidentally collect someone else’s data.
Violations of privacy or unauthorized access to certain media types can be grounds for legal offense. Avoid costly hidden problems by purchasing a history report on phonecheck.com for about the cost of a cup of coffee.
Sellers of used phones are particularly interested in media sanitization. Because many old phones are sold without sanitization tools, sensitive information can be exposed without the buyer or seller being aware until it is too late.
Buying or selling a used phone with someone else’s identification or banking information accessible can lead to accusations of misuse that can even turn into legal battles. The smartest way to avoid these potential hassles is to leverage Phonecheck’s data erasure software to quickly wipe large amounts of data off phones.
With Phonecheck, media sanitization is easy and fast. Phonecheck’s ADISA-certified data erasure program lets you clear large amounts of sensitive information from phones in a single go, automatically increasing trust between buyers and sellers of used phones.
Don't buy or sell a used device without a Phonecheck Certified History Report. At Phonecheck, we increase trust and confidence between buyers and sellers of used phones by ensuring everyone gets what they are looking for out of the interaction. Trust Phonecheck for all of your used-phone certification needs.