Data Sanitization Know-How: Solutions from an ANSSI-Certified Provider.
For any enterprise charged with the responsibility of handling sensitive client and customer data, there is one essential question that must be asked – how seriously do you take your responsibility to the data your clients and customers leave in your care?
Many companies entrusted with sensitive data do not necessarily protect it ‘in house’. Instead, organizations commonly turn data sanitization and end-of-life asset management over to a third party. This has two major effects: loss of oversight and loss of control. Should data be accessed from used drives without authorization, and those drives be out of your direct management sphere, then damage assessments, recovery efforts and other remedial actions will be all the more difficult to undertake effectively. In the eyes of clients and the public, this does nothing to diminish your ultimate responsibility for the care (or lack thereof) of their data. Furthermore, many enterprises operate under outdated data management policies (or laws) that do not face up to the scope of the data security challenge.
Data sanitization—the disciplined process of deliberately and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable—has rapidly ballooned in importance in the year since the COVID-19 pandemic began. As digital infrastructures evolve to accommodate the new paradigm of remote working, ever more attention must be paid to properly securing the exponentially increasing quantities of data processed and stored among thousands of home-based devices.
In this distributed model, where assets can be many miles away from organizational IT support and security teams, hands-on data destruction methods like asset destruction and reformatting are time-consuming and less effective than data erasure solutions that operate remotely. Simply deleting or reformatting the data leaves sensitive information behind on devices and servers. These processes also don’t verify that data has been removed, and most enterprises need to implement an audit trail to prove that the erasure or destruction of their assets are compliant with local data retention and sanitization regulations.
As such, enterprises around the world are struggling to find the best method for data sanitization across their IT asset portfolios.
Data erasure is a software-based method of sanitization that securely overwrites data from any data storage device via optimized erasure algorithms.
ANSSI has recently certified data erasure solutions from software provider Blancco; the only software of its kind to receive a certification at this level from the French governing body.
This industry leading technology reduces risks of data breaches, allowing enterprises to erase IT assets, such as laptops, servers and data center equipment at end-of-life and prepare them for the next stage: internal reuse, authorized return, resale, recycling or donation.
Certified data erasure enables the reuse of assets without concern about data vulnerability. This approach reduces e-waste and the carbon footprint of an organization by supporting environmentally responsible, regulation-compliant policies for asset disposal.
Covid-19 has seen many organizations swiftly enable remote working for their employees, meaning that IT managers have less control of their company assets. Data erasure can be deployed remotely, enabling automated erasures with minimal network connectivity One critical element of certified data erasure is the tamper-proof, digitally signed certificate, supplying an unbroken chain of custody and the confidence that devices are immune from unauthorized data access.