Data Sanitization
The Control Over Data and Who has access to it is huge but what is also very important is the proper disposal of Company Data. You must must must make sure Data does not fall into the wrongs. Bad people like to destroy things and cause pain so make sure your Security Posture reflects this fact. Properly destroy drives and other magnetic media that contains or has contained sensitive data. Failing to do so can result in a bad actor dumpster diving a hard drive you threw away when you upgraded a HDD to a new SSD. Because your security posture is garbage you ended up forgetting to encrypt the drive the sensitive data was found on. Next thing you know that very sensitive data was recovered using freeware and a 10 minute youtube video by the bad actor and giving to TMZ or the nightly news lol…but seriously this is why your Security Posture is important and proper Data Sanitization practices and processes aid in fulfilling that Goal. Some data may need be sanitized off one device but backed up to a more permanent or long term storage location to meet specific Data Retention Policies. So the next question you are probably asking yourself is how do you properly sanitize data?
You do this by properly Santizizing the Drive or Magnetic Media the Data resides or resided on. The most effective method of Data Santization is Incineration. Drive shredding through a secure metal grinding device and/or company is another really effective method for data sanitization. This method is very common because you can plan ahead and effectively decommission, recycle, and downsize excess equipment along with the drives and magnetic media you need to destroy. Just like in Magic the Gathering you want typically want to get 2 or 3 benefits out of an action that costs something. So for example: lets say you need to securely destroy 50 drives 100 CDs and 4 USBs. The Company your Finance department and upper management finally decide to go with Quotes you a flat 1000 USD for the Secure Data Destruction and says they will also pickup any tech recycling you need to get rid of. You now have a 3 for 1 action that will help your Business and Security Posture. For the action of spending 1K you have scheduled the destruction of sensitive data, the recycling of a bunch of old tech equipment/items, and you’ve cleaned up areas cluttered with old tech junk you’ve been waiting to get rid of. Its wins all around in this scenario and you should always be striving for Wins all around. This is how your business wins, your customers win, your stakeholders win, and your share holders win.
Another method that is less common but still effective is drilling holes through a drive after reformatting.
If you want to be thrifty there are secure ways to wipe a drive but still render the drive usable. There are different scenarios for every Org so make sure to properly asses your company’s Security Posture.
