At a time when the average cost of a data breach is around $8.64 million, media sanitization is more important than ever. Cyber attacks don’t just impact the company’s name. Downtime and losing access to critical systems account for more than half of the $8.64 million price tag.
Hence, businesses must have a strategy for the safe handling and sanitization of data. It’s also important that any device you’ll use in your company that’s been handled by a third party is held to a strict set of standards, so that confidential information doesn’t fall into the hands of unintended users.
That’s where media sanitization comes in. Media sanitization is the process of securely and comprehensively removing data from IT hardware including everything from mobile devices to USB drives.
In this regard, the U.S. government provides NIST SP 800-88 (Guidelines for Media Sanitization), published by the National Institute of Standards and Technology. NIST SP 800-88 contains dynamic procedures and guidance for erasing data from all types of storage media. The goal of the document is to make sure that any data found on storage media is irretrievable.
In this guide, we’ll discuss media sanitization and how the NIST SP 800-88 guidelines help make the process easier and clearer for businesses and other organizations.
The NIST 800-88 guidelines provide rigorous and comprehensive guidance for companies and U.S. government entities to ensure they are following best practices for data destruction.
The NIST 800-88 document is one of several sets of guidelines for the sanitization of data-bearing assets. These assets include equipment such as servers, laptops, mobile devices, video and graphic cards, removable thumb drives, and more.
The latest update, NIST 800-88 Rev. 1, is one of the most widely used data sanitization standards requested or required by the U.S. federal government. The standards in the document, also called NIST Special Publication 800-88, are already widely adopted by private businesses and government organizations.
The purpose of NIST 800-88 is to lay out the requirements and provide guidance for implementing sanitization techniques (clearing, purging, and destroying) when the media is going to be reused or disposed of. The document focuses on the sanitization of electronic copies and media, and on the handling of hard copy materials. In addition, NIST 800-88 specifies the responsibility of organizations and government agencies to ensure that data they collect for business and other purposes is stored and disposed of properly.
The National Institute of Standards and Technology (NIST) defines sanitization as “the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed.”
Businesses, government agencies, and other organizations collect and store massive amounts of data. These data include all types and manners of sensitive information such as:
Media sanitization refers to the process of permanently destroying data stored on memory devices. Media sanitization methods must be used properly to ensure that no data can be recovered, even with advanced data recovery tools.
Since unauthorized individuals may attempt to reconstruct data and gain access to sensitive information from media that has not been properly sanitized, media sanitization protects the confidentiality of sensitive information.
On this note, the NIST 800-88 guidelines also take into consideration the confidentiality level of the data being handled and not just the medium type. This is why the document includes guidance on the destruction techniques that must be used to achieve the required level of sanitization.
The NIST 800-88 guidelines protect the confidentiality of sensitive information and give the destruction techniques needed to achieve the required level of sanitization. As organizations apply cybersecurity measures including sophisticated access controls and encryption to help reduce data breaches and cyber attacks, unauthorized individuals look for other ways to gain access to sensitive information. One of the ways confidential information falls into the wrong hands is when residual data is retrieved from media that has left an organization without sufficient sanitization.
A data protection vulnerability arises when devices change hands without proper data sanitization. Within the organization, confidential data may be moved from a highly protected storage environment to a less protected one. This can happen when no security measures are established to verify that data has been sufficiently expunged.
To this end, the NIST standard recommends that organizations set up data sanitization projects as follows:
The thoroughness of the data sanitization process is even more important for storage devices leaving an organization’s physical locations or otherwise accessible without security measures in place. To start a data sanitization workflow, businesses and organizations need to consider the following:
An excerpt from NIST SP 800-88, Rev.1, “Executive Summary:”
“The application of sophisticated access controls and encryption help reduce the likelihood that an attacker can gain direct access to sensitive information. As a result, parties attempting to obtain sensitive information may seek to focus their efforts on alternative access means such as retrieving residual data on media that has left an organization without sufficient sanitization . . . Consequently, the application of effective sanitization techniques and tracking of storage media are critical aspects of ensuring that sensitive data is effectively protected by an organization against unauthorized disclosure. Protection of information is paramount.”
Several methods can be used to sanitize data from storage media. These include degaussing, physically destroying the drive, encrypting, and overwriting, which we’ll discuss below.
Degaussing is a media sanitization method where data in storage media is exposed to a powerful magnetic field. Demagnetizing the hard drives neutralizes the data, making it unrecoverable.
Degaussing can be an effective way to destroy or purge hard disk drives, floppy disks, and magnetic tapes. But it has proven ineffective on flash-based storage devices such as SSDs (solid state drives). This is why the NIST 800-88 guidelines were updated: to make sure media sanitization evolves to catch up with technological advancements in storage devices.
The overwriting process includes writing over previously stored data with random or specified patterns on all drive sectors. It makes the data stored on a drive unreadable, which prevents data breaches. Overwriting is highly effective on specifically defined, user-accessible areas of magnetic drives.
However, the increase in the use of flash-based drives or SSDs made overwriting an insufficient method of data erasure. Flash memory drives are faster, smaller, and more resistant to damage. SSDs also have mechanisms that minimize wear by using non-addressable overprovisioning areas within the drive where data can be left behind. This makes it more challenging to destroy or wipe data from them.
Although NIST allows a minimum of one overwrite pass for SSDs, the guidelines advocate additional steps to reach all sectors. This means overwriting must be combined with specialized commands, technologies, or tools to address the hidden areas of the drive. For instance, users can utilize the drive’s firmware-based erasure commands to erase sensitive data.
Shredding refers to the process of physically destroying hard drives, smartphones, laptops, printers, and other storage devices by reducing them to tiny pieces in large mechanical shredders. It is the most effective method of data sanitization because it renders data unrecoverable. However, destroying electronic devices is harmful to the environment. It’s also costly for organizations when they’re not able to reuse or resell media storage and devices. Plus, recycling and reusing electronic devices rather than destroying them prematurely keeps the devices’ carbon footprint low.
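The residual-data problem described above, as an added example (not from the original article or from NIST): a constructed toy model of a flash drive in which wear levelling redirects each write to a spare block, so a full overwrite passes host-side verification while stale data stays in a non-addressable block. `ToyFlashDrive`, its block counts and `firmware_erase` are hypothetical stand-ins, not a real drive interface.

```python
class ToyFlashDrive:
    """Constructed toy model: more physical blocks than logical (addressable) ones."""

    def __init__(self, logical_blocks=8, spare_blocks=4, block_size=16):
        self.block_size = block_size
        self.physical = [bytes(block_size)] * (logical_blocks + spare_blocks)
        self.mapping = list(range(logical_blocks))  # logical -> physical block
        self.free = list(range(logical_blocks, logical_blocks + spare_blocks))

    def write(self, lba, data):
        # Wear levelling: new data lands in a spare block; the old block is
        # unmapped but keeps its contents until the firmware reuses it.
        new = self.free.pop(0)
        self.physical[new] = data.ljust(self.block_size, b"\0")[: self.block_size]
        self.free.append(self.mapping[lba])
        self.mapping[lba] = new

    def read(self, lba):
        return self.physical[self.mapping[lba]]

    def firmware_erase(self):
        # Hypothetical stand-in for a firmware-based erase of every physical block.
        self.physical = [bytes(self.block_size)] * len(self.physical)


def overwrite_all(drive):
    """One-pass zero overwrite of every user-addressable block."""
    for lba in range(len(drive.mapping)):
        drive.write(lba, bytes(drive.block_size))


def logical_verify(drive):
    """Read back through the normal interface, as host-side verification would."""
    return all(drive.read(lba) == bytes(drive.block_size)
               for lba in range(len(drive.mapping)))


def residual_blocks(drive, needle):
    """Physical blocks still holding `needle`; invisible to logical reads."""
    return [i for i, blk in enumerate(drive.physical) if needle in blk]


def demo():
    drive = ToyFlashDrive()
    drive.write(6, b"SECRET-PAYROLL")  # constructed sample data
    overwrite_all(drive)
    after_overwrite = (logical_verify(drive), residual_blocks(drive, b"SECRET"))
    drive.firmware_erase()
    after_erase = (logical_verify(drive), residual_blocks(drive, b"SECRET"))
    return after_overwrite, after_erase
```

Which stale block survives here follows from the model's allocation order; on a real drive it depends on the firmware, which is why read-back verification alone cannot confirm that the spare area is clean.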
Encryption refers to the method of using cryptographic erase software, whether built-in or manually deployed, on the entire set of data on the storage device. To complete the process, the key that would have been used to decrypt the data is deleted. However, the method can be insufficient, especially for media that contains highly confidential information, because there is no way to validate that all encryption keys have been erased.
Encryption also relies heavily on the manufacturer, where execution issues can occur. Furthermore, human errors and other equipment issues like broken keys can render the encryption method ineffective.
The NIST 800-88 guidelines are known for their media sanitization categories of clear, purge, and destroy for erasing end-of-life data from storage devices.
Clear applies standard read/write commands, techniques, and tools to protect the confidentiality of information. It can be used for floppy disks, disk drives, ATA (Advanced Technology Attachment) hard drives, SCSI drives, and flash media (USB sticks, memory cards). Clear is a level of media sanitization that protects against simple, noninvasive data recovery techniques or data scavenging tools.
NIST clear techniques are best used for storage devices that do not contain sensitive information, because they do not address data found in hidden or inaccessible areas. But clearing is still effective for most devices. It also reduces waste since storage media can be reused.
Purge refers to the physical technique that renders recovery of the target data infeasible. It is a media sanitization process that provides a higher level of protection. Purge uses state-of-the-art laboratory overwrite, block erase, and encryption methods. These techniques are recommended when dealing with confidential data.
Purge methods can be used for most types of electronic media and devices. And degaussing is accepted as a purging method for magnetic data.
Physical destruction is the utmost form of sanitization. There are various methods to render media unusable including shredding, smelting, pulverizing, and incinerating. These methods can be used for floppy disks, hard disk drives, optical disks, and flash media.
This level of data sanitization is recommended when a medium cannot be sanitized with clear or purge methods because of its physical condition. It’s also used when users want to ensure highly confidential data won’t be recovered.
Note that NIST does not advise that there’s only one best method for data sanitization. Instead, it recommends that users consider the confidentiality of the information and the medium when making sanitization decisions.
The NIST SP 800-88 provides guidelines, but there is no way to measure if an organization follows them. That’s why Phonecheck erasure is ADISA certified.
ADISA (Asset Disposal and Information Security Alliance) offers industry-leading standards certification for companies that provide IT asset disposal services to manufacturers and developers of software and hardware data sanitization solutions.
ADISA has a rigorous process for certification that aligns with NIST guidelines. Companies wanting to become part of the alliance have to go through the certification and meet the organization’s criteria to be certified.