Delete vs. Clear vs. Purge vs. Destroy

U.Y.
4 min read · Jul 17, 2020


Let’s begin with “Delete”. Initially, “delete” was confusing for me as I was reading about data sanitization, because I normally interpreted “Delete” as being equal to “Clear”. Then, I saw that there is no formal sanitization technique called “Delete” (at least in NIST SP 800-88). I started thinking about what the reason would be for considering “Delete” a valid method of data sanitization. Then I figured out that it was because of using the Microsoft Windows OS for many years. It’s basically a kind of “conditioning”.

Image: file right-click menu (Windows OS)

“Delete” is not a formal sanitization method, but the word is used a few times in NIST SP 800-88. When we read the word “delete”, we need to be careful and always consider the context in which it is used. It might denote the Clear or Purge methods, a “delete” operation on a device, and so on.

What is media sanitization?

According to NIST:

“A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.”

What is data sanitization?

According to International Data Sanitization Consortium (IDSC):

“Data sanitization is the process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable.”

IDSC also states that: “A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will never be recovered.”

The two definitions above show that “media sanitization” and “data sanitization” both refer to sanitizing data at the end of the day; the choice of term mainly reflects the focus of the document, process or working group. You might also see these terms used interchangeably.

As a security professional, I would like to stress that we should not forget the value of paper-based data. Physical paper must definitely be considered when we define our data sanitization processes. It’s not only about the digital world.

Let’s come to the definitions of the other three terms and base them on NIST:

Clear: “Clearing information is a level of media sanitization that would protect the confidentiality of information against a robust keyboard attack”.

When we read the definition of “purge”, we will see the difference between clear and purge.

Purge: “Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack.” NIST explains that laboratory attack threat actors have the knowledge and resources to use non-standard methods in their recovery attempts. Degaussing is accepted as a purging method for magnetic media.

Clear does not guarantee resistance to a laboratory attack by its nature, whereas Purge does. As we can guess, Clear will be a relatively faster or cheaper method. That does not mean we cannot use Clear because it is less secure; it depends on the classification of the data.

Let’s also define Destroy to complete our list and then see how we decide which method to choose.

Destroy: “Destruction of media is the ultimate form of sanitization. After media are destroyed, they cannot be reused as originally intended. Physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding, and melting.”

Which level do I need to achieve sanitization?

Well, it depends on which standard(s) you want to comply with, but NIST is our main reference here. It has a very nice decision flow diagram showing which method is required. This diagram is worth a thousand words. I love it:

Image: sanitization decision flow. Reference: NIST SP 800-88 (Guidelines for Media Sanitization)

Another important step to stress here is “Validate”, and it’s a topic for another story.

Is degaussing considered as clearing or purging?

Degaussing is an accepted way of purging magnetic media. It is not a valid method for SSDs, CDs, etc.

How about SSD media?

One way of sanitizing an SSD is, of course, destroying it (i.e. shred, disintegrate, pulverize, or incinerate by burning the device in a licensed incinerator).

When it comes to “Purge”, there are two approaches (I will use the definitions from IDSC):

  • Cryptographic Erasure: “The process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data.”
  • Data Erasure: “The software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device.”
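
To make the difference between an OS-level “delete”, a Clear (overwrite) and a cryptographic erasure concrete, here is an added example that is not part of the original post and not code from NIST or IDSC. It models a self-encrypting drive as a small byte array: `ToyDrive`, `SECTOR`, `forensic_scan` and the SHA-256 counter-mode keystream are all constructed for the illustration (a real drive would use an AES engine), and no real device is touched. A raw scan of the media, the way a recovery tool would look, still finds the plaintext after a delete, but not after a Clear or after the key is destroyed.

```python
"""Toy model contrasting delete, clear and cryptographic erasure.
Constructed example for illustration only; stdlib-only, no real media involved."""
import hashlib
import os

SECTOR = 16  # constructed sector size in bytes for the toy device


def keystream(key: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from `key` (SHA-256 in counter mode).
    Stands in for the AES engine of a real self-encrypting drive."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


class ToyDrive:
    """Flat byte array plus a file table mapping names to (offset, length).
    Everything written through `write` is encrypted with the drive key."""

    def __init__(self, sectors: int = 8):
        self.media = bytearray(sectors * SECTOR)
        self.table = {}
        self.key = os.urandom(32)  # media encryption key held inside the drive

    def _xor(self, start: int, data: bytes) -> bytes:
        """Encrypt/decrypt `data` located at media offset `start`."""
        ks = keystream(self.key, start + len(data))[start:]
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, name: str, plaintext: bytes, sector: int) -> None:
        start = sector * SECTOR
        if start + len(plaintext) > len(self.media):
            raise ValueError("write exceeds media size")
        self.media[start:start + len(plaintext)] = self._xor(start, plaintext)
        self.table[name] = (start, len(plaintext))

    def read(self, name: str) -> bytes:
        start, n = self.table[name]
        return self._xor(start, bytes(self.media[start:start + n]))

    # --- the operations the post distinguishes ---
    def delete(self, name: str) -> None:
        """OS-style delete: drop the table entry, leave the bytes untouched."""
        del self.table[name]

    def clear(self) -> None:
        """Clear: software overwrite of every sector with zeros."""
        self.media[:] = bytes(len(self.media))
        self.table.clear()

    def crypto_erase(self) -> None:
        """Cryptographic erasure: destroy the key; ciphertext stays on media."""
        self.key = None
        self.table.clear()


def forensic_scan(drive: ToyDrive, needle: bytes) -> bool:
    """Search the raw media for `needle`, ignoring the file table, as a
    recovery tool would; if the drive key still exists, also search the
    decrypted view of the whole media."""
    if needle in drive.media:
        return True
    if drive.key is not None:
        return needle in drive._xor(0, bytes(drive.media))
    return False


def demo() -> dict:
    """Apply each operation to a fresh drive holding a constructed secret and
    report whether the secret is still recoverable afterwards."""
    secret = b"SECRET-SALARIES"  # constructed sample data
    results = {}
    for op in ("delete", "clear", "crypto_erase"):
        drive = ToyDrive()
        drive.write("payroll.txt", secret, sector=2)
        if op == "delete":
            drive.delete("payroll.txt")
        elif op == "clear":
            drive.clear()
        else:
            drive.crypto_erase()
        results[op] = forensic_scan(drive, secret)
    return results


if __name__ == "__main__":
    print(demo())  # {'delete': True, 'clear': False, 'crypto_erase': False}
```

The model also shows why cryptographic erasure only counts as a Purge when the device was encrypting from the first write and the key is genuinely unrecoverable afterwards: if any data had been written before encryption was enabled, or a copy of the key survived somewhere (escrow, backup, firmware), the raw scan would still succeed.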

Further Recommended Reading Materials:
