Data Sanitization: What, Why, When and How?

Legal and regulatory compliance and the process to get there. Paul Ristoja, Account Manager, EEU & ME & Africa, Blancco, a division of Blancco Technology Group

Upload: baltimax

Post on 14-Apr-2017

What does Blancco do?

Wikipedia’s answer:

Blancco Ltd. is an international data security company that specializes in data erasure and computer reuse management solutions for corporations, governments and computer remarketing companies worldwide.

My answer:

Blancco Group worldwide

Blancco products are valued by thousands of customers in more than a hundred countries.

…erasures every day.

What? Data Erasure, Data Sanitization…definitions

Data End of Life

“Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort.”

What is Certified Data Erasure?

Format or Delete Data Erasure

Fact: Microsoft Windows ‘Delete’ Leaves Data Behind


Data End of Life - broader definition

• Erasure technology choice

• Process implementation and verification

• Reporting and audit trail

Why? Is there a disruptive trend around data protection?

Data Erasure is part of getting over the cloud security pain point

Experts have 2 theories for how top-secret NSA data was stolen, and they're equally disturbing

“Some former agency employees believe that the alleged group behind the leak, the "Shadow Brokers," may have hacked an NSA server that had a top-secret hacker toolkit left there by mistake”.

Example: ‘Regin’ Malware Recovers “Deleted” Files

Regin can conduct a wide range of operations once it infects a system, including screenshot-capturing, taking control of mouse functions, stealing passwords, monitoring network traffic and recovering deleted files.

Data erasure is increasingly important for all corporate and government customers

• National Data Protection Law

• EU General Data Protection Regulation 2015 (GDPR): “Right to Erasure”

• ISO Standard 27001, 27040 etc.

• Sarbanes-Oxley

• HIPAA (Health Insurance Portability and Accountability)

• Credit Card Industry PCI-DSS

• Cloud Industry recommendations for all providers

Data Life Cycle

According to the Cloud Security Alliance, it falls to “…the provider to keep that data secure, and when it is deleted, the provider should ensure (or be able to prove) that it is permanently destroyed.”

“Include data end-of-life (erasure) with auditable reporting into your cloud security ecosystem”

Cloud Security Alliance: https://cloudsecurityalliance.org/

National & Updated EU Laws: Increasing Demand on Active Data Retention Policies to Avoid Data Breaches

Global trend

• Increasing laws on data protection

• Tougher penalties and more active enforcement

EU GDPR

• Requires a Data Protection Officer

• Requires auditable procedures and routines to be in place

• Includes the “right to erasure” of data

• Requires active reporting of any data breach

• Could result in up to 4% of global turnover in fines

ISO Information Security Standard

ISO 27001 requires both “Privacy and protection of personally identifiable information” as well as “Secure disposal or re-use of equipment”

“All items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.”

• “Top management shall implement the information security policy themselves.”

• “The policy must ensure that all relevant risks are addressed.”

• “Internal audits should regularly verify that all risks are addressed and operational processes are in place.”

Who is responsible: What should be included at least:

Newest ISO recommendations on how to erase and when

Erase on logical and virtual level:

“logical sanitization (see 6.8.1.3) should be used to clear virtualized storage, especially when the actual storage devices and media cannot be determined.”

Also an addition to Encryption:

“Sanitization of media at end-of-use situations is recommended, even when using encryption methods.”

Organizations should maintain a record of sanitization activities to document what media were sanitized, when, how they were sanitized, and the final disposition of the media.

When & How ?

First things you think about…

Live Environment Erasure

LUNs and Virtual Machines

• File, daily file erasures

• LUN, daily or logical end of life

• Virtual, daily or VM decommissioning

• Flash, daily or end of life process

Current common process:

• Security policy does not allow drives to leave the data center.

• Expensive contracts with manufacturers to “keep my drive” in place, combined with destruction costs.

Improved process:

• Erase and securely send back drives under warranty.

• Very high cost savings and enhanced auditability.

Some examples:

#1 Break-fix processes

• Cap Gemini erased 2 SANs in the Nordics from Poland through remote erasure.

• When erasure was done, local recycling company came and picked up systems for reselling them.

• Cap Gemini got money back instead of spending money on physical destruction.

SAN decommissioning

#2 Planned SAN/Server decommissioning

• Data Entry

• Data Migration within Data Center(s)

• Data Exit

• Disaster recovery exercises

• Test data

• Mergers and acquisitions

#3 Planned Data Migration and DC Consolidation

Target both LUNs and VMs!

• Enable customer to feel secure that data is erased securely

• Detailed auditable report provided

• Competitive advantage compared to others

• On-Demand, integration or automatisation

#4 Customers terminating Virtual Machines in the IaaS Cloud

• In a layered approach to data security, attacks that are missed by one defensive layer are defeated by another. File erasure represents a last line of defense in protecting your data.

#5 A Layered Data Protection Approach: Including Certified File Erasure

• Most encryption is based on drive encryption and is unlocked when the system is being operated.

• Encryption key management is always a challenge.

• Executive travelers can also be ordered to unlock encryption on laptops when crossing sensitive borders.

Encryption is not enough:

Some cases!

Global Data Erasure Management with reporting

30.000 Server & Storage Systems, PCs and phones, several Data Centers worldwide. A customer since 8 years back.

Global Data Erasure Management with reporting

Client equipment and Data Center equipment; Storage and Servers (Windows and Linux). A customer since 2 years back.

Global Data Erasure Management with reporting

Implementing a holistic data erasure management solution to cover both internal needs and external customers' needs. ISO 27001 and PCI DSS readiness.

Three Case Studies:

Data Erasure Management

Blancco File, Customer cases

• NATO: Site license to enable selected users within their organization to erase files on a daily basis.

• European Council: 2000 users for installation on workstations where sensitive information is being handled.

• Shell Oil: 2000 users for installation on laptops and workstations where sensitive information is being handled.

• Finnish Defence Force: organizational license for all users across several sites enabling automatic erasure of recycle bin on log out to actively prevent data leaks.


Final examples…

What not to do!

A Norwegian Data End of Life Process…

Thank You !

Q & A