Categories
Blog Data Erasure

Trends in Data Destruction

Advances in technology and the emergence of new data storage devices have made data destruction a more complex issue, with new aspects to consider. This blog summarizes the current trends in data destruction.

The Emergence of New Data Storage Devices

Flash memory-based data storage devices with high capacity, small size, and fast data processing speed are now available. They have different physical properties than traditional magnetic hard drives. Even magnetic hard drives have changed: they have higher capacity and different physical properties than previous ones. Flash memory-based data storage devices exist in various forms, such as USB flash drives, external hard drives, etc. They are also built into laptops, tablets, and smartphones. In addition, large amounts of data are now stored in cloud systems, which sometimes need to be wiped clean as the need arises. Data destruction processes need to be adapted to suit the newest data storage models.

New Media Sanitization Standard

As data storage devices diversify and technology advances, it is no longer possible to define one media sanitization method as the standard for all media. In the United States, DoD 5220.22-M, which was recommended as the standard for disk-wiping algorithms, is officially no longer valid. NIST SP 800-88 Rev. 1, titled “Guidelines for Media Sanitization”, has taken its place. This document defines three categories of media sanitization: clear, purge, and destroy. It also provides minimum requirements and guidelines for each media sanitization category and each storage device. Every organization should refer to it to establish and implement its own media sanitization policies and procedures.

One-Pass Overwrite Is Sufficient

For the latest magnetic hard drives, the Gutmann method (35-pass overwrites) and the DoD method (3- or 7-pass overwrites), which have long been recognized as international de facto standards, are no longer needed. Studies show that one-pass overwrite is sufficient. Because recording density is much higher than in the past, the likelihood of recovering the original information using a magnetic force microscope is diminished. Indeed, there have been no reported cases of anyone recovering overwritten data this way. Nevertheless, many organizations still use the old overwrite standards as a kind of ‘traditional ritual,’ which is overkill.

Data Destruction Using Dedicated Sanitize Commands

Flash memory-based data storage devices, such as SSDs, provide dedicated sanitize commands which write and erase significantly faster than overwrite methods in magnetic hard drives. Overwriting flash-memory-based data storage devices dramatically shortens their lifespan. Also, the physical storage area that stores the actual data and the logical storage area that can be accessed by the software are distinct, so even if the software overwrites something on the drive, the old data may remain in a different area. The user needs to know the available commands for each storage device, to make sure every storage area of the device is wiped clean.

Cryptographic Erase (CE) Method

CE encrypts stored data and removes the encryption key, making the data irrecoverable. This process is faster and more efficient than erasing data, and CE is a good method to sanitize partial data in the cloud system as well. However, to use CE one must ensure that all encryption keys have been deleted completely and that all data has been encrypted. In addition, NIST SP 800-88 recommends that users consider the following when deciding whether to use CE: 1) whether encryption keys are generated in a proper manner, 2) whether the encryption the media uses to protect the data is strong enough, and 3) whether the security level of the encryption key and the wrapping technique are appropriate for the CE. In a nutshell, CE can be very efficient if used correctly, but it is difficult to verify that it has worked.
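The two preconditions above (every key copy deleted, all data encrypted) shown as an added example; it is not code from NIST or Secudrive. The drive model, the key-slot layout and the HMAC-based toy cipher standing in for a drive's AES engine are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def prf_xor(key, label, data):
    """Toy stream cipher: XOR data with HMAC-SHA256(key, label:counter) blocks.
    A stand-in for the AES mode a real self-encrypting drive would use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"%s:%d" % (label, i), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


class ToyEncryptedDrive:
    """Assumed layout: one key slot holding the wrapped media encryption key
    (MEK), plus data sectors stored exactly as they would sit on the media."""

    def __init__(self, passphrase):
        self.salt = secrets.token_bytes(16)
        self.sectors = {}
        mek = secrets.token_bytes(32)  # consideration 1: key comes from a CSPRNG
        kek = self._kek(passphrase)
        wrapped = prf_xor(kek, b"wrap", mek)
        self.key_slot = wrapped + hmac.new(kek, wrapped, hashlib.sha256).digest()

    def _kek(self, passphrase):
        # consideration 3: the wrapping key is only as strong as this derivation
        return hashlib.pbkdf2_hmac("sha256", passphrase, self.salt, 50_000)

    def unlock(self, passphrase, slot=None):
        """Unwrap the MEK from the drive's key slot, or from a copy of it."""
        slot = self.key_slot if slot is None else slot
        kek = self._kek(passphrase)
        wrapped, tag = slot[:32], slot[32:]
        expected = hmac.new(kek, wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("key slot does not unwrap")
        return prf_xor(kek, b"wrap", wrapped)

    def write(self, mek, n, plaintext):
        self.sectors[n] = prf_xor(mek, b"sector-%d" % n, plaintext)

    def read(self, mek, n):
        return prf_xor(mek, b"sector-%d" % n, self.sectors[n])

    def crypto_erase(self):
        """CE: replace the wrapped MEK; ciphertext sectors are left untouched."""
        self.key_slot = secrets.token_bytes(len(self.key_slot))


def run_scenario():
    passphrase = b"constructed-passphrase"          # constructed sample values
    record = b"PHI: patient 0001 blood panel"
    drive = ToyEncryptedDrive(passphrase)
    drive.sectors[0] = b"PHI: export written before encryption was enabled"
    drive.write(drive.unlock(passphrase), 1, record)
    slot_backup = drive.key_slot                    # e.g. a header backup kept elsewhere
    ciphertext_before = drive.sectors[1]

    drive.crypto_erase()

    try:
        drive.unlock(passphrase)
        unlock_after_ce = True
    except ValueError:
        unlock_after_ce = False
    recovered = drive.read(drive.unlock(passphrase, slot_backup), 1)
    return {
        "unlock_after_ce": unlock_after_ce,
        # the media looks identical before and after CE, so scanning it proves nothing
        "ciphertext_unchanged": drive.sectors[1] == ciphertext_before,
        # a surviving copy of the wrapped key undoes the erase
        "recovered_from_backup": recovered == record,
        # data that was never encrypted is untouched by CE
        "plaintext_sectors": [n for n, s in drive.sectors.items() if b"PHI: " in s],
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "=", value)
```

Because the ciphertext does not change, confirming a CE means accounting for every copy of the wrapped key and for any data written outside the encrypted path, not inspecting the sectors.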

Limitations of Degaussing

A degausser cannot wipe out all storage devices. Flash-memory-based storage devices, for example, cannot take advantage of a degausser because their data is not damaged by magnetic shock. Some of the latest magnetic hard drives also have high coercivity, so data managers should make sure that their existing degausser actually works on the device they wish to erase.

Physical Destruction

The higher the density of a flash memory chip, the greater the chance of data recovery, unless it is shredded into pieces that are much smaller than the original device. In addition, since the flash memory chip is very hard, it is easy to damage the grinder, which may need a replacement of its parts or of the entire machine. Finally, physical destruction can generate harmful substances that must be handled carefully. Overall, the cost of physical destruction has been increasing.

The Importance of Software Wiping

NIST 800-88 recommends selecting a data erasure method according to three categories (clear, purge, and destroy) depending on the confidentiality of the data and whether the device is reused or controlled in the organization. As a result, organizations need to be selective and capable of different erasure methods, including software wiping, degaussing, and physical destruction.

It is widely recommended to have clearly defined software-wiping policies and procedures in an organization. For maximum security and convenience, organizations should undertake software wiping before reusing storage devices, even for devices that are slated for complete disposal. Outsourcing the entire data destruction process increases the likelihood of data leakage because the storage device must pass through the hands of several people before the data is erased completely. Thus, software wiping, which is less expensive than degaussing or physical destruction, is an essential requirement in an organization.

Secudrive Drive Eraser

Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It provides ATA commands for SSDs as well as overwriting of magnetic disks. The hexadecimal view verifies the data before and after wiping. Furthermore, after the deletion, logs on computers, storage media, and wiping information are automatically generated. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration in the organization’s IT asset management system.


NIST SP 800-88 Summarized

NIST SP 800-88 Rev. 1, Guidelines for Media Sanitization, can be summarized as follows: 1) the purpose and scope of the document, 2) the new trends in storage media, sanitization technology, and associated issues, 3) three types of media sanitization, and 4) information sanitization and disposal decision making. This blog omits the roles and responsibilities relating to media sanitization in an organization, which are contained in Chapter 3 of the document. This blog post is a brief summary intended to give you a general understanding of the document. It is recommended to read the full guidelines if you want to understand them thoroughly.

What is NIST SP 800-88?

NIST (National Institute of Standards and Technology) released its Special Publication 800-88 Rev. 1, Guidelines for Media Sanitization, which was revised from its original edition of 2006. The guideline has been a new standard for media sanitization in organizations ranging from public to private, from the US to other countries. It is also known as ‘NIST SP 800-88,’ or ‘NIST 800-88.’

The objectives of the document: Guidelines, not a standard

Whereas the ‘DoD wipe standard’ is a standard method for wiping hard disk drives, NIST 800-88 is simply a set of guidelines for organizations. The guidelines cover media from papers to servers and sanitization methods from overwrite to shredding. The document states that the objective is “to assist with decision making when media require disposal, reuse, or will be leaving the effective control of an organization. Organizations should develop and use local policies and procedures in conjunction with this guide to make effective, risk-based decisions on the ultimate sanitization and/or disposition of media and information.”

New Trends of Media Sanitization

You can shred paper to sanitize it. However, the sanitization of electronic storage media is more complex. In particular, new technological methods are needed for sanitizing emerging storage media.

1) The emergence of flash memory-based storage media: With the advent of flash memory-based storage media with higher capacity than conventional magnetic storage, overwrite is not sufficient for sanitizing them. Thus, the old DoD Standard is no longer valid for all media. This is one of the main reasons why the media sanitization method is becoming more complex as well.

2) Dedicated Sanitize Commands: Flash memory-based storage media are recommended to be sanitized by using dedicated sanitize commands. You should use the correct commands for your particular media (consult your vendor to find the right commands). 

3) The threat to degaussing: New magnetic storage also may have higher coercivity due to technological advances. Existing degaussers may not be suitable for them. Check with your degausser and storage media vendor to see if your current process is adequate.

4) The threat to physical destruction: The higher the density of flash memory, the smaller the size of the shredded particles needed for the physical destruction of it. Additionally, the increased hardness of the media may cause inadvertent damage to the grinder.

5) Cryptographic Erase (CE): New media often support CE. CE is a very efficient way to prevent data recovery. It only sanitizes the encryption key, leaving the data encrypted in the storage. However, the disadvantage is that it is difficult to verify the sanitization, so it must be applied carefully.

Three categories of Media Sanitization

This document defines three categories of media sanitization:

1) Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

2) Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.

3) Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.

Appendix A, Minimum Sanitization Recommendations for each media type, states that ‘clear’ can be accomplished by software wiping, ‘purge’ can be done by software wiping and degaussing, and ‘destroy’ can be physical destruction, for most magnetic media and flash memory-based storage devices.

Information Sanitization and Disposal Decision Making

The document offers suggestions for how to choose one of the above technique categories for sanitizing and disposing of media. (See the flow chart below.)

Figure: Sanitization and Disposition Decision Flow (Source: NIST SP 800-88, p.17)

1) Information Decisions in the System Life Cycle: You should consider how to sanitize data at the start of system development. The sanitization method depends on the type of storage device. The document recommends that organizations request a ‘statement of volatility’ for the device from the product vendor.

2) Determination of Security Categorization: Early in the system life cycle, you should determine the level of confidentiality of the information according to FIPS 199, NIST SP 800-60 Rev.1, or CNSSI 1253. This security categorization should be revisited throughout the system’s life, every three years or any time a significant change occurs in the system.

3) Determination of Reuse of Media: The sanitization method may vary depending on whether the media is reused or recycled.

4) Determination of control of media: The method of sanitization depends on whether the media is still within the organization’s control or whether it has been donated, resold, or disposed of externally.

5) Data protection level: For example, even within an organization, if two departments have different access rights to the information, you might need to sanitize the device that stored the information when it moves from one department to another.

6) Verification: You must verify that the sanitization has been completed properly. You can use both the full verification and the verification of the representative sample. The verification method should be selected carefully according to the technique used for the sanitization method and types of media. Appendix A offers verification methods for some media.

7) Documentation: Detailed information about the sanitized media, the sanitization method, verification method, and worker information should be documented and stored.

The appendices

The appendices of this document are full of practical information as follows: 1) The minimum sanitization recommendations for each media, 2) tools and resources relating to media sanitization, 3) cryptographic erase device guidelines, 4) device-specific characteristics of interest, and 5) a sample “certificate of sanitization” form.

Conclusion

In conclusion, the document is intended to help organizations make decisions to establish policies and procedures on how to sanitize the media. It also provides detailed minimum requirements and checklists on how to achieve the three different types of sanitization (clear, purge, and destroy), depending on the nature of the media. Therefore, following the guidelines presented in the document, organizations should create media sanitization policies and procedures that satisfy the specific data protection regulations they are subject to. However, it is challenging for general users to obtain all the characteristics of all storage media from vendors and to carry out verification as the guidelines suggest.

Sanitization software can automatically adopt suitable wiping methods for specific media as well as provide automatic verification methods. Secudrive Drive Eraser provides suitable sanitization and verification methods for a variety of media. It provides ATA commands for SSDs as well as overwrite for magnetic disks. The hexadecimal view verifies the data before and after wiping. Furthermore, after the deletion, logs covering the computer, storage media, and wiping information are automatically generated. The logs can then be output as tamper-resistant reports and stored in various file formats for easy integration with the organization’s IT asset management system. For more, see our blog post on how to use Secudrive Drive Eraser for HIPAA compliance.


The DoD 5220.22-M Wipe Method And Its Applications

The DoD 5220.22-M data wipe method has long been widely used by organizations as a standard for data erasure. This blog discusses what DoD 5220.22-M is, recent issues relating to it, and its applications.

What is DoD 5220.22-M? 

The DoD 5220.22-M data wipe method is a software-based process to overwrite existing information on a hard drive or other storage with patterns of ones and zeros to make the original data irrecoverable. 

This method is typically implemented in the following manner:

  • Pass 1: Writes all addressable segments of the hard disk drive (HDD) with a zero
  • Pass 2: Writes all addressable segments of the HDD with a one
  • Pass 3: Writes all addressable segments of the HDD with a random character
  • Verify the final pass
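The pass sequence above, as an added example that is not the DoD's or Secudrive's code. It runs the three passes over a constructed image file standing in for a drive, then verifies the final pass either in full or on a representative sample, the two verification options mentioned in the NIST summary. The function names, chunk size and seed-derived random pass are assumptions.

```python
import hashlib
import os
import random
import tempfile

CHUNK = 4096  # bytes per write; an assumption, real tools use larger buffers
MARKER = b"PATIENT-RECORD-0001;"  # constructed sample data


def pattern_chunk(spec, index, size):
    """Expected bytes for chunk `index` of a pass.

    spec is a single fill byte (zeros or ones) or ("random", seed). The
    random pass is derived from a seed so any chunk can be recomputed later.
    """
    if isinstance(spec, bytes):
        return spec * size
    _, seed = spec
    return hashlib.shake_256(seed + index.to_bytes(8, "big")).digest(size)


def overwrite_pass(path, spec):
    """Write one pass over every addressable byte, then force it to the media."""
    total = os.path.getsize(path)
    with open(path, "r+b") as dev:
        for index, offset in enumerate(range(0, total, CHUNK)):
            dev.write(pattern_chunk(spec, index, min(CHUNK, total - offset)))
        dev.flush()
        os.fsync(dev.fileno())  # otherwise the pass may only reach the page cache


def verify_pass(path, spec, sample=None):
    """Read back and compare against the expected pattern.

    sample=None checks every chunk (full verification); sample=N checks N
    randomly chosen chunks (representative sampling). Returns the sorted
    indexes of chunks that do not match.
    """
    total = os.path.getsize(path)
    count = (total + CHUNK - 1) // CHUNK
    if sample is None:
        indexes = range(count)
    else:
        indexes = random.sample(range(count), min(sample, count))
    bad = []
    with open(path, "rb") as dev:
        for index in indexes:
            offset = index * CHUNK
            size = min(CHUNK, total - offset)
            dev.seek(offset)
            if dev.read(size) != pattern_chunk(spec, index, size):
                bad.append(index)
    return sorted(bad)


def dod_three_pass(path):
    """Zeros, ones, random, then full verification of the final pass."""
    final = ("random", os.urandom(32))
    for spec in (b"\x00", b"\xff", final):
        overwrite_pass(path, spec)
    return final, verify_pass(path, final)


def make_image(size=1 << 20):
    """Constructed stand-in for a drive: a temp file filled with MARKER."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write((MARKER * (size // len(MARKER) + 1))[:size])
    return path


if __name__ == "__main__":
    image = make_image()
    try:
        final, mismatches = dod_three_pass(image)
        print("3-pass, full verification, mismatched chunks:", mismatches)
        overwrite_pass(image, b"\x00")  # single fixed-pattern pass
        print("1-pass, sampled verification:", verify_pass(image, b"\x00", sample=32))
    finally:
        os.remove(image)
```

Sampled verification is faster but can miss a region that was never written, which full verification reports by chunk index.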

History of DoD 5220.22-M

In 1995, the above DoD 3-pass method for data erasure was first published in US Department of Defense document #5220.22-M. In 2001, a 7-pass method, DoD 5220.22-M ECE, was added in a DoD memo. The most recent version, released in 2006, no longer specified the standard data erasure method. In other words, neither the usual 3-pass method nor the enhanced 7-pass method is accepted by the US Department of Defense anymore.

However, ‘the DoD wipe method’ is still the most common method of erasing data that many public institutions and companies around the world trust and use.

Why DoD 5220.22-M no longer specifies the standard

The emergence of new media

Conventional magnetic hard disks have matching physical-logical addresses. That is, the logical address specified when writing data to an HDD corresponds to the physical location on the disk platter of the HDD. However, this is no longer true for flash memory-based storage devices. Such a device typically has at least 20 percent more physical capacity than its logical capacity. Further, the device’s firmware opaquely determines where data are written physically, because of the technical characteristics of flash memory. As a result, remnant data may be available to a sophisticated attacker even after the entire storage has been overwritten. Therefore, many Solid State Drive (SSD)-based storage media support dedicated wipe commands, whereas the software-based overwrite method can only be used for magnetic hard drives.
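Why a full logical overwrite can leave remnants on flash, as described here and in the earlier section on dedicated sanitize commands, shown as an added example that is not from the original page. The toy flash translation layer below is an assumption for illustration (one page per logical block, 20 percent over-provisioning, garbage collection only when no free page is left) and does not model any vendor's firmware.

```python
MARKER = b"PHI-record"  # constructed sample data


class ToyFlashDrive:
    """Toy flash translation layer: logical blocks map to physical pages."""

    ERASED = b"\xff"

    def __init__(self, logical_blocks, overprovision_pct=20, page_size=16):
        self.logical_blocks = logical_blocks
        self.page_size = page_size
        physical = logical_blocks + logical_blocks * overprovision_pct // 100
        self.pages = [self.ERASED * page_size for _ in range(physical)]
        self.mapping = {}                   # logical block -> physical page
        self.free = list(range(physical))   # erased pages ready for writing
        self.stale = []                     # unmapped pages still holding old data

    def write(self, lba, data):
        if not 0 <= lba < self.logical_blocks:
            raise IndexError("LBA outside the user-addressable range")
        if not self.free:
            self._garbage_collect()
        page = self.free.pop(0)             # firmware picks the page, not the host
        self.pages[page] = data.ljust(self.page_size, b"\x00")[: self.page_size]
        old = self.mapping.get(lba)
        if old is not None:
            self.stale.append(old)          # old copy is unmapped but NOT erased
        self.mapping[lba] = page

    def read(self, lba):
        page = self.mapping.get(lba)
        return self.ERASED * self.page_size if page is None else self.pages[page]

    def _garbage_collect(self):
        for page in self.stale:
            self.pages[page] = self.ERASED * self.page_size
        self.free.extend(self.stale)
        self.stale = []

    def sanitize(self):
        """Stand-in for a firmware sanitize command: erase every physical page."""
        self.pages = [self.ERASED * self.page_size for _ in self.pages]
        self.mapping.clear()
        self.stale.clear()
        self.free = list(range(len(self.pages)))


def logical_overwrite(drive, fill=b"\x00"):
    """What overwrite software can do: rewrite every user-addressable block."""
    for lba in range(drive.logical_blocks):
        drive.write(lba, fill * drive.page_size)


def physical_scan(drive, marker):
    """Indexes of physical pages still holding the marker, mapped or not."""
    return [i for i, page in enumerate(drive.pages) if marker in page]


def demo():
    drive = ToyFlashDrive(logical_blocks=100)
    for lba in range(100):
        drive.write(lba, b"PHI-record-%03d" % lba)
    logical_overwrite(drive)
    visible = [lba for lba in range(100) if MARKER in drive.read(lba)]
    after_overwrite = physical_scan(drive, MARKER)
    drive.sanitize()
    after_sanitize = physical_scan(drive, MARKER)
    return visible, after_overwrite, after_sanitize


if __name__ == "__main__":
    visible, after_overwrite, after_sanitize = demo()
    print("logical blocks still showing data:", len(visible))
    print("physical pages with remnants after overwrite:", len(after_overwrite))
    print("physical pages with remnants after sanitize:", len(after_sanitize))
```

Every logical block reads back as zeros after the overwrite, so verification through the normal read path passes even though the stale pages still hold the old records.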

A single overwriting is very likely sufficient

Some researchers have demonstrated that a single overwriting is enough to prevent data from being recovered (Gordon Hughes and Tom Coughlin, Craig Wright et al). Due to technological advances, the one-pass method is recognized as being sufficient, improving the efficiency of sanitizing operation by saving time. Finally, in 2014, NIST SP 800-88 Rev. 1 states that “for storage device containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” Not everyone agrees on this approach, and many still prefer to overwrite several times. However, it is also true that the sense of having to overwrite three or seven times has disappeared.

Guidelines for Media Sanitization

NIST Special Publication 800-88 Revision 1, ‘Guidelines for Media Sanitization,’ was released in 2014. The guidelines reflect more up-to-date media and sanitization technologies and also provide more detailed consideration of all sanitization methods, such as wiping, degaussing, and physical destruction, for each type of media. Since 2014, regulations have cited the guidelines rather than the DoD standard.

Guidelines for Media Sanitization by NIST

The guidelines have become a comprehensive standard for data erasure in the US since their publication. They define three categories of media sanitization as follows: 

– Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage devices. (wiping)

– Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques. (wiping, degaussing)

– Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data. (physical destruction)

The guidelines provide detailed media sanitization methods that meet the characteristics of each storage media for each category. According to the confidentiality level of stored data, organizations should prepare and implement policies and procedures by combining wiping, degaussing, and physical destruction for media sanitization, when they reuse or dispose of the media.

How to wipe all

The DoD 5220.22-M data wipe method is still the most widely used approach. It can often still be required by an organization’s policy or regulations. The method still works for HDDs, although it may be overkill. However, this method, like any other data wipe method based on overwriting, has a clear limit for flash memory-based storage devices, including SSDs. SSDs must be erased using a dedicated firmware command, according to the NIST guideline.

Secudrive Drive Eraser supports the ATA (Advanced Technology Attachment) command for SSD sanitization as well as more than 20 international erasure standard algorithms, including the DoD standard, for magnetic hard disk wiping. It also provides logs and reports, which may be used later to confirm that a storage device has indeed been sanitized by a specific method. The logs and reports can be easily integrated with IT asset management systems. As a result, Secudrive Drive Eraser helps you abide easily by the Guidelines for Media Sanitization in the system life cycle.


Data Destruction for HIPAA compliance

HIPAA (the Health Insurance Portability and Accountability Act) strictly prohibits covered entities from disclosing PHI (Protected Health Information) to unauthorized parties in the process of creating, storing, or transmitting PHI.

PHI includes almost all information on a patient:

1) any identifying information about a patient as an individual, including his or her name, phone number, email address, Social Security number, health insurance subscriber number, credit card information, photographs, etc.

2) a patient’s medical information, including medical conditions, prescriptions, x-ray images, blood test reports, etc.

Noncompliance may result in fines that range between $100 and $50,000 per violation “of the same provision” per calendar year. Many OCR (Office for Civil Rights) HIPAA settlements have resulted in fines of over $1 million. The largest settlement as of September 2016 was for $5.5 million, levied against Advocate Health Care, stemming from several breaches that affected a total of 4 million individuals.

Many cite ‘Improper Disposal of PHI’ as one of the top 10 most common HIPAA violations.

Employees inadvertently throw away documents in the trash, or dispose of USB drives, external hard drives, or computers, causing frequent PHI leaks.

PHI printed on paper can be easily disposed of by shredding in a document shredder. However, completely deleting ePHI (electronic Protected Health Information), that is, PHI stored in a computer, is not simple: even if you run the ‘delete’ or ‘format’ command to erase the information on Windows, the information can be easily recovered. Besides, a storage device holds the most information just before disposal, so if you dispose of the device without data destruction, you risk a tremendous information leak.

Standard §164.310(d)(1) Device and Media Controls, in HHS HIPAA Security Series 3: Security Standards – Physical Safeguards, requires that covered entities “implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored,” and “implement procedures for removal of electronic protected health information from electronic media before the media are made available for re-use.” It also gives three methods of ePHI data destruction, as examples, for making the data unusable and/or inaccessible: erasure software, degaussing, and physical destruction.

Secudrive Drive Eraser, as one of the erasure software solutions, can completely erase data stored on computer hard drives, USB flash drives, external hard drives, and SSDs. The solution supports about 23 international standard algorithms. The software comes on a USB flash drive; plugging the drive into the computer and clicking the executable file starts the data deletion process. It’s easy enough for non-IT professionals to run it on Windows. The results of data wiping are saved back to the USB drive in the form of logs and reports. You can use tamper-proof reports as evidence of HIPAA compliance.

Degaussing and physical destruction are often performed by data destruction service providers because they involve physical tasks such as removing the hard disk from the computer. If you outsource the service, there is a risk of loss or theft during shipping or storage. It is relatively expensive as well. Secudrive Drive Eraser could be one of the best options due to cost-effectiveness as well as security.


Disk Wiping Vs. Physical Destruction

Data wiping with Secudrive Drive Eraser makes data logically unrecoverable by repeatedly overwriting zeros, ones, or random numbers on the disk where the original data resided. It uses internationally recognized standard data erasure algorithms so that the data can be recognized as completely deleted, just like physical destruction. Therefore, it allows you to comply with the various data protection regulations that companies and organizations must follow.

Data wiping with Secudrive Drive Eraser is 1) more cost-effective, 2) more secure, and 3) more convenient for management than physical destruction.

| | Secudrive Drive Eraser | Physical Destruction |
|---|---|---|
| Data | Unrecoverable | Unrecoverable |
| Device | Reusable, Resellable | Trash |
| Record | Tamper-Proof Report | Photo/Video |
| Workplace* | On User’s Desks | Warehouse |
| Where to erase | Move After Erase | Move and Destruction |
| Data Breach Risk | Minimum | Relatively High During Moving/Storage |
| Integrated with IT Asset Management | Easy Integration with logs | None |

* Secudrive Drive Eraser can wipe drives separately stored in a warehouse, too. However, Secudrive recommends wiping before moving machines to a warehouse to improve security.

More cost-effective: wiped drives can be resold, reused, or donated.

You can resell, reuse, or donate wiped hard drives, while physical destruction turns the hard drive into industrial waste. The price of erasure software is also generally significantly lower than the cost of physical destruction services. Besides, it is eco-friendly because it does not create industrial waste, including toxic substances.

More secure: fewer handlers, fewer locations, and tamper-proof reports enhance security

Companies use data destruction service providers for physical destruction. The IT department collects the disposed computers, which still hold unwiped data, and stores them in an in-house warehouse or elsewhere. Then a data destruction service provider moves the machines to a workplace with physical destruction equipment such as a shredder. There, the provider’s workers punch or shred the disks or computers. Since physical destruction is cumbersome to carry out in the company’s office, the data is inevitably destroyed only after passing through various hands and various places. The possibility of theft or loss, in other words the risk of data leakage, increases.

Recently, more and more companies have introduced data wiping instead of physical destruction for data destruction. Secudrive Drive Eraser is easy enough for companies to use in the office. Even general users can wipe their own disks at their desks, or IT personnel can wipe computers gathered in an in-house IT department. Security vulnerabilities are much reduced by minimizing the number of transfers, storage locations, and parties involved.

Finally, it is convenient to record data destruction operations. It is essential to record data destruction to prepare for post audits under various security regulations. Pictures or videos are the only way to record physical destruction work. There is also the possibility of forgery and alteration. However, the wiping software automatically collects information on computer, disk, and erasure operation. It also creates tamper-proof reports.

Integrated management

IT managers can manage disk wiping operations remotely with the logs and reports. The logs and reports can also be easily integrated with the company’s asset management solution.


When to Completely Erase PCs

When it comes to robust data security, erasing PCs completely before reusing or disposing of them is critical, even though it is considered difficult and time-consuming. Why is it critical? PCs contain the highest volume of enterprise data, which, if leaked or breached, can cause a serious data security lapse that may be neither detected nor controlled.

Right now, there are three major methods to erase PCs completely, also widely known as disk erasure: physical disk destruction, degaussing, and overwriting. These methods are equally competent and effective, but overwriting stands out against the other two, in regards to cost-efficiency—it does not make the PC disks unusable, whereas the other two do the opposite. It uses internationally certified algorithms that remove the PC data by overwriting it with randomized data; therefore, it allows the enterprises to reuse the disks, provided they are still in good condition. Furthermore, overwriting reduces e-waste, helping companies do their part for eco-friendly, corporate social responsibility.

Overwriting is the most common disk erasure method; however, if hundreds and thousands of PCs need to be erased, it becomes problematic due to its time-consuming and complicated process, as depicted below.

  1. Collect the PCs that are subject to be replaced for reuse or disposal.
  2. Transport and store the PCs in separate spaces or facilities.
  3. Assign personnel to manually run overwriting programs on each PC to erase stored data.
  4. Reuse or dispose of the PCs that completed the overwriting process.

To save time on such a problematic process, enterprises often employ external services. However, such a decision can be a worrying one for enterprises and the responsible parties—all data stored on the PCs in the hands of external services are in their most vulnerable state, where they can be exposed or leaked. Even worse, enterprises will not know whether their PCs have been exposed. To help enterprises lessen their worries, these services provide extra security measures such as video surveillance, RFID tracking barcodes, live streaming of the full process, and heavily secured trucks, which attempt to ensure the safety of PCs and the stored data while they are being transported to and kept in the external facilities. However, a higher level of security leads to increased cost and prolonged processes for the enterprises to endure—this is why disk erasure by overwriting, despite its undoubted necessity and advantages, can become a headache.

Erase PCs in the comfort of your desk for sustained data security and enterprise efficiency

What if enterprises could erase their PCs within their secure office premises from start to finish? After all, issues of vulnerable data security and enterprise inefficiency are rooted in the complications that arise from transporting and storing PCs in external facilities. By entirely removing this negative variable, enterprises no longer have to worry about data security and increased costs because extra security measures like armored trucks or video surveillance cameras are no longer necessary. Thus, Secudrive encourages enterprises to erase all PCs in their secure office premises. With the innovative disk erasure solution Secudrive Drive Eraser, enterprises can facilitate on-site disk erasure by overwriting—enforced by administrators or self-service format—in addition to comprehensive management of multiple disk erasure processes.

Check out our next blog to discover more about Secudrive Drive Eraser and why it is an essential disk erasure solution for all enterprises!


How to Prevent Potential Data Leaks before and after Employees Depart

Four Secudrive data security solutions to help prevent potential data leaks before and after employees depart

When employees join and leave enterprises, the primary concern is to find replacements or re-shuffle the organization structure. However, one crucial concern, perhaps the riskiest, that enterprises may overlook is that departing employees can accidentally or intentionally leak confidential data on their way out, or even after their departure.

Acknowledging that confidential data leakage upon employee departure is more than plausible and that consequences can be damaging, Secudrive recommends its four solutions – Secudrive File Server, Device Control, USB Office, and Sanitizer – that synergize to stop employees from accidentally or intentionally leaking confidential data, before and after their departure.

1) Secudrive File Server helps enterprises to set up a secure file sharing environment where confidential files can be consolidated and protected in a centralized system of file servers. Firstly, Secudrive File Server ensures that consolidated files are isolated from the employee PCs’ local environment, making them only accessible and usable directly on shared folders. Then digital rights management (DRM) is enforced for each folder to stop employees from leaking confidential data.
Digital rights management is the key to Secudrive File Server, restricting specific functions of files and data. With DRM in place, employees can use enterprise files as normal; however, they will be strictly restricted from specific actions that potentially lead to file leakages, like file copying, screen-capturing, printing, and more. With data leakage blocked by DRM, employees will not be able to export confidential data to their PCs’ local environment or outside environment via offline (storage devices) or online (e-mail or messaging apps) methods.

2) Secudrive USB Office and USB Management Server form a solution suite that provides enterprises with secure media to safely store and transport confidential data outside the office environment. Secudrive USB Office is a hardware-encrypted USB drive with DRM, ensuring data security when employees need to take confidential files out for situations like business trips, which may seem opportune for data leaks. It brings hardware encryption with an AES-256 crypto chip and DRM (identical to that in Secudrive File Server) to ensure that data stored in Secudrive USB Office are safe from not only outsiders’ unauthorized access but also potential leakage that may occur ‘after encryption.’
In addition to the security measures integrated with the USB drives, Secudrive provides a supplementary Secudrive USB Management Server (UMS) that establishes a remote, centralized platform to manage multiple USB drives and their security policies at once. The more USB drives enterprises use, the harder they are to control, and UMS was developed to eliminate such difficulty by allowing enterprises to keep track of and change the security policies of multiple USB drives at once, in real time. One critical advantage of real-time management is the ability to instantly respond to unexpected events like USB drive thefts or losses. Enterprises ordinarily use regular USB drives with no security measures implemented, so the data stored is exposed to leakage risks from both outsiders and insiders. Therefore, Secudrive’s USB drive security and management solution will prevent data leakage threats by not only outsiders but also insiders.
Even though the enterprises have secure USB drives, backed by a robust management tool at their disposal, they must make sure that only those USB drives are used by employees. Simply encouraging employees or enforcing some policies is not safe enough, since departing employees willing to steal confidential data can easily use their own USB drives. Then how can enterprises limit their employees to using only the safe, security-equipped USB drives?

3) Secudrive Device Control regulates and monitors all or specific devices that are used on the endpoint PCs, through ports like USB, Wi-Fi, LAN, and IEEE 1394. As removable storage devices have become an IT commodity for everyone, they have naturally become an integral part of enterprises as well. However, enterprises must first control the use of USB drives to eliminate any possibility of data leaving the enterprise premises.
Secudrive Device Control helps enterprises establish and implement various security policies on multiple groups effectively, by initially drawing the information on how all the PCs and employees (users) are structured together from Windows Active Directory (AD). Moreover, when an employee needs to use certain devices for specific tasks, Secudrive Device Control can temporarily ‘unblock’ specific ports, keeping the work productivity flowing. In this case, it is imperative that USB drives be integrated with reliable security measures.

4) Secudrive Drive Eraser is a disk wiping solution that stops potential data leaks from old PCs used by departing employees. When employees leave, their PCs either change ownership or are destroyed, and before doing so, enterprises often format the PCs. However, PC formatting is never enough as it merely removes the path to the data, not the data itself, which can actually be recovered and, even worse, leaked.
By using Secudrive Sanitizer, enterprises can completely ‘wipe’ multiple PCs simultaneously, and even execute multiple wiping processes remotely from a centralized console. It ensures that PCs are free of remnant data after being wiped with internationally recognized wiping algorithms. Then the enterprises can re-assign or destroy the old PCs used by departing employees, knowing that all data has been rendered unrecoverable. Moreover, remote PC wiping allows bigger enterprises with multiple locations to wipe their PCs with just a few clicks and to monitor the process from start to finish.

All in all, the four Secudrive solutions – Secudrive File Server, Device Control, USB Office, and Drive Eraser – form a holistic data security architecture that stops departing employees from leaking confidential data before and after their departure.

Categories
Blog Data Erasure Device Control File Server Security NEWS Press Release

3 Technological Security Measures to Prevent Data Leaks When Employees Depart

To help employees fulfill their professional initiatives, enterprises must provide a variety of physical and digital tools that enable the employees to take full advantage of enterprise data and resources. When the employees move on to different jobs, however, rolling back on all the capabilities that the enterprises once gave to their employees is another important duty. After all, departing employees can be either direct or indirect causes of data leaks, whether accidental or malicious.

To prevent departing employees from leaking confidential data, enterprises have been implementing several conventional measures like establishing policies, preparing legal documentation like a non-disclosure agreement, training/education sessions, and deactivating accounts used by ex-employees (PC, devices, cloud and more). Perhaps these can be considered to be enough to prevent leakage of confidential data; however, they are only focused on “discouraging” employees from leaking data when they depart. Instead, enterprises need to implement technological measures to actually “stop” data leaks from occurring.

1) Consolidate all files into a data repository equipped with data leakage controls and real-time monitoring

Preventing data leaks by departing employees begins with consolidation and isolation of confidential enterprise files in data repositories and away from individual employee PCs, which can become exit points from which confidential data can be wrongfully leaked, deleted, or edited.

However, this security measure is just the basic foundation of a security architecture to prevent data leaks by departing employees. By integrating data leakage controls that restrict copying, screen-capturing, printing, and network-transferring the files out of file servers, enterprises can form multi-layered and tighter protection of confidential data.

If the employees need to bring confidential data out to their local storage for certain tasks, enterprises must ensure that all relevant activities regarding the files and users are tracked with logs. Logs are important for both preventative and corrective action as a response to data leaks by departing or departed employees since enterprises can not only detect wrongdoing beforehand but also identify the wrongdoers even after they have quit.
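The log review described above can be sketched as follows. This is an added example, not code from the original post or from any Secudrive product; the log format, the HR feed, the thresholds, and all names in it are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: file-server activity log, 'timestamp,user,action,path,bytes'.
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,EXPORT_LOCAL,/finance/q1.xlsx,120000
2024-03-18T10:02:00,bob,EXPORT_LOCAL,/hr/handbook.pdf,300000
2024-04-02T14:30:00,alice,EXPORT_LOCAL,/finance/q2-draft.xlsx,150000
2024-04-22T18:41:00,bob,EXPORT_LOCAL,/rnd/design-spec.docx,4000000
2024-04-23T19:05:00,bob,EXPORT_LOCAL,/rnd/customer-list.csv,9000000
2024-04-23T19:07:00,bob,PRINT,/rnd/design-spec.docx,0
2024-04-25T08:55:00,alice,OPEN,/finance/q2-draft.xlsx,0
"""
# Constructed HR feed: last working day of each user who has given notice.
DEPARTURES = {"bob": datetime(2024, 4, 30)}


def parse_log(text):
    """Parse 'timestamp,user,action,path,bytes' lines into dicts."""
    rows = []
    for ts, user, action, path, size in csv.reader(io.StringIO(text)):
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "action": action, "path": path, "bytes": int(size)})
    return rows


def flag_pre_departure_exports(rows, departures, window_days=30,
                               factor=3.0, min_bytes=1_000_000):
    """Preventative check: flag leavers whose exports to local storage in the
    window before their last day exceed `factor` times their own volume in
    the preceding window of equal length (and at least `min_bytes`)."""
    findings = []
    for user, last_day in sorted(departures.items()):
        end = last_day + timedelta(days=1)            # include the whole last day
        start = last_day - timedelta(days=window_days)
        prev_start = start - timedelta(days=window_days)
        recent, baseline, files = 0, 0, []
        for r in rows:
            if r["user"] != user or r["action"] != "EXPORT_LOCAL":
                continue
            if start <= r["ts"] < end:
                recent += r["bytes"]
                files.append(r["path"])
            elif prev_start <= r["ts"] < start:
                baseline += r["bytes"]
        if recent >= min_bytes and recent > factor * baseline:
            findings.append({"user": user, "recent_bytes": recent,
                             "baseline_bytes": baseline, "files": files})
    return findings


def who_took(rows, path, actions=("EXPORT_LOCAL", "PRINT")):
    """Corrective check: every logged action that moved `path` off the server,
    in time order, so it can be attributed even after the user has left."""
    return [(r["user"], r["action"], r["ts"].isoformat())
            for r in sorted(rows, key=lambda r: r["ts"])
            if r["path"] == path and r["action"] in actions]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print(flag_pre_departure_exports(records, DEPARTURES))
    print(who_took(records, "/rnd/design-spec.docx"))
```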

2) Control and manage portable storage device usage on endpoint PCs

Employees now have more kinds of portable storage devices, like USB drives and smartphones, at their disposal for better and improved work performance. However, these devices must be used under the organization-wide enforcement of strict control and thorough management to ensure that those devices do not leave the office premises with confidential data inside.

Together with enterprise policies and culture that discourage the use of storage devices for purposes other than those work-related, a series of technological measures must be implemented to deter employees from doing so. Firstly, enterprises must block the ports (USB, IEEE 1394, and so on) on the PCs used by the employees. By doing so, not only existing but also soon-to-depart employees cannot use portable storage devices to take confidential data from enterprise premises, whether such action was done by mistake or with malice. However, blocking all ports may not be the best option, if the enterprises require permitting specific ports for specific tasks or employees. For this case, it is imperative to implement a management tool that oversees all ports and connected devices on all employee PCs, and that is capable of enforcing and lifting restrictions for specific circumstances.

3) Wipe used hard disks before disposing of or recycling used PCs after employee departures

When employees depart, it is common for enterprises first to format the used PCs, and then re-assign or destroy (if outdated) them. Unfortunately, this practice may trigger unexpected data leaks, as the remnant files that contain or are relevant to enterprise confidential data can be recovered, even though the PCs have been formatted beforehand.

Therefore, to prevent data leaks by recovery, enterprises must wipe remnant data on old PCs by using data erasure solutions like degaussing, overwriting with randomized data, or even the physical destruction of PCs. These three solutions achieve the same goal of data erasure, but only one provides enterprises with an extra advantage: overwriting wipes remnant data completely and maintains the disks as usable, while the other two methods do not. Thus the disks overwritten with randomized data can be recycled to be assigned to new employees, and the enterprises will not have to worry about possible rediscovery and leakage of remnant data.

When employees depart, enterprises must think beyond handling more paperwork and recruitment, as their confidential data can be, or even worse, could already have been, at risk of being leaked. The biggest issue with data leaks by departing employees is the increased difficulty of identifying who the wrongdoers are, and of taking a course of corrective actions. The three key measures mentioned above address the importance of data leakage prevention before and after employees depart, whether their involvement is direct or indirect. Check our next blog to see how Secudrive solutions bring these measures into practice for enterprises, whether big or small, to ensure that confidential data do not leave along with the departing employees.

Categories
Blog Data Erasure Device Control File Server Security NEWS Press Release

4 Ways Departing Employees Can Leak Confidential Data on Their Way Out

When employees leave, it is not just about more paperwork and recruitment efforts. In fact, enterprises must also make sure that confidential data does not leave with the departing employees. According to Osterman Research, 69% of organizations surveyed indicated that departing employees pose a threat of data leakage.

It is important to know “why” departing employees might leak confidential data. Often, the reasons are classified into two categories: accidental and malicious. Accidental data leaks are closely related to employees’ negligence of what confidential data means for enterprises and of the potential consequences of data leaks. A Ponemon Institute study showed that over 50% of the reasons why departing employees took confidential data was the perception that “everyone else did it when they left.” Meanwhile, malicious data leaks are about personal interests. Lately, many enterprises are warned of malicious data leaks, as data has increased in its monetary value, and competition among corporations, which may lead to corporate espionage cases, has never been fiercer.

Then, what are the four potential threats and how do employees attempt to leak the confidential data on their way out?

1) Employees depart with confidential data in their hands, literally.
Whether accidental or malicious, departing employees have a variety of ways to take confidential data on their way out. One of the easiest ways is to secretly export confidential data to employees’ storage devices like USB drives, external hard drives, and even CD/DVDs. In 2017, a data leakage case involving global semiconductor firm Micron, which suffered data leakage on a monetary scale of up to hundreds of millions of dollars, was caused by ex-employees who used USB drives to export and steal intellectual property.

2) Departed employees access old enterprise accounts.
Google Suite, Microsoft OneDrive, Dropbox… Enterprises now rely on cloud-based storage networks for their daily operations because of their convenience and functionality. Therefore, when employees depart, it is crucial that all accounts with access to confidential data are completely deleted. If this is not done, enterprises face another risk of data leakage. Personnel changes or big layoffs are already a big burden, but the importance of deactivating enterprise accounts must never be ignored.

3) Departed employees instruct current insiders to take confidential data for them.
Even if the relationship between departed employees and the enterprises has been severed for good, those employees can still find a way to get confidential data in their hands. By asking the current employees privately, departed employees can indirectly obtain confidential data, delivered online or offline. Because this case involves multiple individuals in and out of enterprises, a systematic approach that combines both organizational measures and technological solutions is required.

4) Remnant confidential data can be recovered from the PCs previously used by departing employees.
After the employees depart, it is a common practice to reassign enterprise PCs to new employees or dispose of them for good. Before doing so, enterprises initially format the hard disks to make sure that none of the remnant data are recoverable. However, this is insufficient to completely stop data leaks because disk formatting merely removes the path to remnant data, not the data itself. Therefore, proper data erasure, not conventional file deletion commands, must be the priority in preventing potential data leaks through data recovery.

For enterprises, departing employees must mean more than extra paperwork and recruitment efforts, because they can unexpectedly become a source of data leakage, which can be catastrophic to enterprises. It is a tough challenge; however, knowing the four potential methods of data leaks by departing employees, as mentioned above, is a solid starting point to ensure that none of the confidential data leave the enterprise premises.

Categories
Blog Data Erasure Device Control File Server Security USB Security

[General Data Protection Regulation ④] How to Comply with GDPR

Secudrive recognizes the GDPR as a welcoming and progressive leap to protect the rights and freedom of all EU citizens with the new laws for comprehensive personal data protection, and an exciting opportunity for us to solidify our commitment to what we do best: providing reliable data security solutions for businesses and organizations.

The GDPR requires global organizations to comply with its organizational and technological requirements if they are to process personal data of any EU citizen. Organizational requirements are considered clear-cut, as they pertain to appointing the right people for the right positions, such as Data Protection Officers (DPO), and educating the employees and external personnel about the GDPR and the rights of the EU citizens. On the other hand, meeting technological requirements is rather obscure and difficult, as organizations are now flooded with numerous data security solutions in the market and are simply unsure where to begin. To guide the organizations to an effective shortcut to comply with the GDPR, Secudrive provides a lineup of four data security solutions.

  1. Secudrive File Server
  2. Secudrive Device Control
  3. Secudrive USB drive solutions
  4. Secudrive Drive Eraser

It is critical to protect the confidential data in storage, and even while being processed by individuals. As mentioned in the previous blog, organizations can consider typical solutions like data loss prevention (DLP), enterprise digital rights management (EDRM), and virtual desktop infrastructure (VDI). These solutions promise to be effective in protecting your personal data, but are considerably challenging to implement and manage without professional consultants or qualified data security managers. Big, rich organizations may feel indifferent to these potential barriers, but SMBs with limited capital and human resources may look for other solutions that are as comprehensive and straightforward.

Secudrive File Server is a data loss prevention (DLP) solution for file servers, equipped with digital rights management (DRM) and application whitelisting to prevent internal data leaks and external cyber attacks, respectively. As file servers serve as a popular form of repository for confidential and unstructured data like personal data, organizations must consider some of the key security principles like network separation, encryption, anti-virus solutions, and backup. However, insider threat prevention must also be considered as confidential data is most exposed to data leakage when it is being processed. With Secudrive File Server, users are configured with different DRM policies, which can restrict them from unauthorized copy, print, screen-capture, and network-transfer; therefore, all personal data that are either in storage or processing will be prevented from accidental or malicious leaks. Against external cyber attacks like ransomware, application whitelisting prevents unauthorized applications or even malicious malware from being installed and run on the file servers to protect the personal data from harm. For visibility across an organization, Secudrive File Server provides logging of all file and user activities for real-time monitoring and future audits. It also provides security for personal data in motion, as its secure audited copy protocol (SACP) allows users to first encrypt the files for export, transport them in Secudrive USB drives, and decrypt later for access within Secudrive File Server environment.

Secudrive Device Control prevents internal data leaks by regulating access to various ports such as USB, Wi-Fi, LAN, and IEEE 1394, and monitors all activities regarding storage devices like USB drives, external hard drives, and smartphones that are connected to endpoint PCs. Among various ports, it is crucial to regulate the ports to storage devices, as data leaks through storage devices do not leave traces for the organizations to investigate and identify the wrongdoers. Therefore, organizations must either completely restrict or temporarily permit these ports for access. Secudrive Device Control achieves this with an added security feature of real-time monitoring in case of temporary USB port permission. However, what if it is unavoidable for an organization to use USB drives, and simply restricting USB ports is no longer a viable option? Organizations can consider permitting only the designated USB drives with reliable security features like password encryption, file activity logging, and remote management.

Secudrive USB drive solutions provide a system that helps organizations securely manage the storage and transportation of personal data while being protected from accidental or malicious leaks even outside secure office premises. First, Secudrive USB drives are well-equipped against losses and thefts, the two most common human occurrences during data transport. Furthermore, Secudrive USB drives provide visibility, as they record all file activities as logs for future audits. For organizations that wish to manage multiple Secudrive USB drives simultaneously, Secudrive USB Management Server (UMS) provides management and monitoring of multiple USB drives in real time and can even lock or wipe them remotely through a centralized console. With UMS, organizations have the liberty to manage thousands of Secudrive USB drives and security policies remotely and respond to thefts and losses as swiftly as possible.

Lastly, Secudrive Drive Eraser provides assured and cost-effective data wiping for organizations. The caveat here lies in the danger of potential data leakage through recovery, even after deleting the stored data beforehand. Not only that, PC disposal is often performed by specialized facilities outside the office, and this leaves open the danger of data leakage through loss or theft while en route. Secudrive Drive Eraser eliminates this danger by allowing the organizations to wipe the data on the PCs within the secure, on-site premises, and even to ‘recycle’ them to help cut costs. Furthermore, it provides extraterritoriality with the ability to distribute the solution to the PCs online, wipe the PCs, and monitor the entire process remotely from a centralized location. Last but not least, Secudrive Sanitizer boasts effortless data wiping for any organization, as it performs with only a few clicks, even while operating systems are running.

The GDPR is out to achieve a common goal across the EU, but organizations of all sizes and industries regard the Regulation with varying levels of difficulty and from different perspectives. As a data security solutions provider, Secudrive considers it an exciting opportunity to provide a reliable blend of data security solutions that are comprehensive and straightforward. With Secudrive Device Control, organizations can ensure that untraceable data leaks through storage devices are restricted at the endpoints. Meanwhile, Secudrive File Server protects the confidential data directly where it is stored by enforcing user-specific DRM policies for insider threats and application whitelisting for external attacks. When organizations need to transport their personal data outside the secure office premises, Secudrive USB Drive Solutions provide drives on which the personal data can be stored and protected from leakage with hardware encryption, DRM, and remote management. Finally, Secudrive Sanitizer helps organizations to ensure that personal data are deleted and rendered unrecoverable before disposing of the PCs. With our solutions lineup, organizations will be well-prepared to carry on their operations without having to worry about where and how to begin their action plan for GDPR compliance.

Blog Posts in this Series:
① The GDPR Summary: The 5 Key Points
② Checklist for the Organizations to Comply with the GDPR
③ Data Protection by Design and by Default: Technological Measures
→ How to Comply with GDPR