Data sanitization is the process of completely removing the data stored on a memory device to make it unusable. The process is deliberate, permanent, and irreversible. As such, any device that undergoes data sanitization will no longer have usable residual data. Even if you use the most advanced forensic tools on the sanitized devices, you can no longer recover the data.
As the name implies, data sanitization can be likened to cleaning your home and getting rid of all things you no longer use. You can’t get the stuff you threw or gave away back no matter what you do.
Read More about “Data Sanitization”
Data Sanitization Methods
Data sanitization can be done in various ways, namely:
1. Physical Destruction
This data sanitization method involves physically shredding hard drives, laptops, mobile phones, and other storage media using a professional-grade mechanical shredder. You can also do it by degaussing or exposing the data to a magnetic field to neutralize it to the point that it can no longer be recovered. Note, though, that degaussing is only useful for hard disk drives (HDDs) but not solid-state drives (SSDs).
While physically destroying storage media is an effective method of data sanitization, it is discouraged since it can have detrimental effects on the environment.
2. Cryptographic Erasure
Cryptographic erasure involves using a built-in or deployed encryption software on a storage device. The software erases the key one needs to decrypt the data. Ideally, key erasure would render the data unreadable or unrecoverable because the decryption key is no longer available. While cryptographic erasure is an effective way of data sanitization, the data remains inside the storage device, and so the process may fail to comply with regulation orders.
3. Data Erasure
Data erasure, like cryptographic erasure, uses software to sanitize data. The process involves securely overwriting the information with zeroes and ones. Data erasure can be successful if it follows these criteria:
- The software complies with industry and organizational requirements.
- There is a way to verify if the overwriting process was done on the entire device.
- There must also be a tamper-proof certificate that indicates that overwriting was successful.
In some cases, block erasure may also be done. In this process, the software targets only block addresses or specific places within the storage device, which removes only targeted data.
Among all three methods, data erasure is recognized as the best form of data sanitization. It has a validation process that assures the data owner that the information is no longer recoverable. It is also environmentally sound as the storage devices can still be resold. The downside, however, is that data erasure can take a while to accomplish.
It is common to confuse data sanitization with other processes that often only delete data but do not make it unrecoverable. Some of these practices include data deletion, reformatting, factory resetting, data wiping, file shredding, data clearing, data purging, and data destruction.
Data sanitization is critical in protecting highly sensitive data. Due to the implementation of the General Data Protection Regulation (GDPR), the process has become a necessary practice for organizations.