Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Securing Storage: Complete Data Erasure on Storage Systems

by Leo Colborne - Senior VP for Global Customer Service, EMC - Thursday, 16 June 2005.

Out of sight, out of mind. When storage systems are upgraded, retired due to proactive maintenance, reach the end of their lease, or are repurposed or resold, companies often delete the data from the disks and forget about it. However, there is a tremendous amount of critical, confidential, and competitive information on those disks that cannot be completely erased by just pressing a delete button.

This exposes competitive intelligence, increases vulnerability to industrial espionage and litigation, and jeopardizes an organization's compliance with corporate governance practices and state, federal, and industry regulations that protect proprietary and confidential corporate, customer, and patient information. For example, regulations such as DOD Pub. 5220-22.M, Sarbanes-Oxley, and HIPAA require proof of secure erasure.

Consequently, it is vital that data be completely erased and the erasure recorded to ensure critical and confidential information is secure from accidental or malicious recovery. Done correctly, data removal meets important compliance regulations and guidelines for erasing data, such as sensitive patient records or financial procedures.

Why Ensure Erasure?

There are several reasons for completely and provably erasing stored data, including:

Data disposal and erasure has to conform to industry and other regulatory requirements.
Potential litigation, loss of intellectual property, or financial loss can result from un-secure data disposal.
Un-erased information is still accessible when storage systems are returned under lease, redeployed, swapped, or repurposed.
Corporate guidelines require data erasure and removal of proprietary information prior to returning leased systems or repurposing storage systems.
Some companies or industries require proof of data erasure and overwrite levels.
Companies have different data disposal standards for different types of information.
Some companies and industries require a three-pass or greater overwrite process (recommended in DOD 5220.22-M level).
Companies have strict security requirements, to retain all disks and you need to secure them.

Delete That Disk