Securing Storage: Complete Data Erasure on Storage Systems
by Leo Colborne - Senior VP for Global Customer Service, EMC - Thursday, 16 June 2005.
Out of sight, out of mind. When storage systems are upgraded, retired due to proactive maintenance, reach the end of their lease, or are repurposed or resold, companies often delete the data from the disks and forget about it. However, there is a tremendous amount of critical, confidential, and competitive information on those disks that cannot be completely erased by just pressing a delete button.

This exposes competitive intelligence, increases vulnerability to industrial espionage and litigation, and jeopardizes an organization's compliance with corporate governance practices and state, federal, and industry regulations that protect proprietary and confidential corporate, customer, and patient information. For example, regulations such as DOD Pub. 5220-22.M, Sarbanes-Oxley, and HIPAA require proof of secure erasure.

Consequently, it is vital that data be completely erased and the erasure recorded to ensure critical and confidential information is secure from accidental or malicious recovery. Done correctly, data removal meets important compliance regulations and guidelines for erasing data, such as sensitive patient records or financial procedures.

Why Ensure Erasure?

There are several reasons for completely and provably erasing stored data, including:

  • Data disposal and erasure has to conform to industry and other regulatory requirements.
  • Potential litigation, loss of intellectual property, or financial loss can result from un-secure data disposal.
  • Un-erased information is still accessible when storage systems are returned under lease, redeployed, swapped, or repurposed.
  • Corporate guidelines require data erasure and removal of proprietary information prior to returning leased systems or repurposing storage systems.
  • Some companies or industries require proof of data erasure and overwrite levels.
  • Companies have different data disposal standards for different types of information.
  • Some companies and industries require a three-pass or greater overwrite process (recommended in DOD 5220.22-M level).
  • Companies have strict security requirements, to retain all disks and you need to secure them.
Delete That Disk


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th