1. Data Sanitization:
When, Why & How
FREDRIK FORSLUND
Director, Cloud & Data Center Erasure Solutions
Blancco Technology Group
2. Data Storage: Past & Present
1940: Punched Cards
1951: Magnetic Tape (first computer sold for $750,000)
1956: Hard Drive
1971: Floppy Disks (removable & rewritable)
1985: DVD
2000: USB Drive
2006: The Cloud
2013
3. Data Security Challenges
[Chart: security risk per data storage device, plotted as amount of data per device (gigabytes, terabytes, petabytes) against number of data-bearing devices (hundreds, thousands, tens of thousands). Categories shown: data center & cloud data; PCs & office servers; smartphones, tablets, USB sticks.]
6. Cloud Storage: Where Erasure Responsibility Lies
It falls to “…the provider to keep that data secure, and when it is deleted, the provider should ensure (or be able to prove) that it is permanently destroyed.”
7. 4 Scenarios Where Data Erasure Is Absolutely Necessary
• When Equipment Hits End of Life
• After Data Migration
• When Data Hits End of Life
• When Customers Demand It (“Right to be Forgotten”)
8. When Data Erasure Is Necessary: Break Fix Need
Common Process:
• Security policy does not allow drives to leave the data center.
• Expensive contracts with manufacturers to “keep my drive” in place, combined with destruction costs.
Improved Process:
• Erase and securely send back drives under warranty.
• Very high cost savings and enhanced auditability.
9. When Data Erasure Is Necessary: SAN Decommissioning
• Cap Gemini erased 2 SANs in the Nordics from Poland through remote erasure.
• When erasure was done, a local recycling company came and picked up the systems to resell them.
• Cap Gemini got money back instead of spending money on physical destruction.
10. When Data Erasure Is Necessary: Planned Data Migration and DC Consolidation
• Data Entry
• Data Migration within Data Center(s)
• Data Exit
• Disaster recovery exercises
• Test data
• Mergers and acquisitions
Target Both LUNs and VMs
11. When Data Erasure Is Necessary: Customers Terminating Virtual Machines in the IaaS Cloud
• Enable the customer to feel secure that data is erased securely
• Detailed auditable report provided
• Competitive advantage compared to others
• On-demand, integration or automation
12. Data Breaches: ISO/IEC 27040
Security Threats / Types of Data Breaches:
• Theft of storage element or media: unlawful access, unlawful disclosure, unlawful data loss, unlawful data destruction
• Loss of storage element or media: unauthorized access, unauthorized disclosure, accidental data loss, accidental data destruction
• Loss of data: unlawful, unauthorized, or accidental data destruction or corruption
• Accidental configuration changes (e.g., storage management, storage/network resources, incorrect patch management, etc.) by authorized personnel: accidental access, accidental disclosure, accidental data destruction, accidental data alteration
• Malicious configuration changes (storage management, storage/network resources, application tampering, etc.) by external or internal adversaries: unlawful access, unlawful disclosure, unlawful data destruction, unlawful data alteration
• Privileged user abuses by authorized users (e.g., inappropriate data snooping): unlawful/unauthorized access or disclosure
• Malicious data tampering by external or internal adversaries: unlawful data destruction or alteration
• Denial of service attacks: unauthorized data destruction, loss, or alteration
• Malicious monitoring of network traffic: unlawful/unauthorized disclosure
13. The Daily Reality of Data Breaches
• 76 Million People Affected. Information Compromised: Names, Addresses, Phone Numbers and Email Addresses
• 56 Million People Affected. Information Compromised: Credit Card and Debit Card Numbers
• 145 Million People Affected. Information Compromised: Encrypted Passwords, Customer Names, Email Addresses, Mailing Addresses, Phone Numbers and Dates of Birth
15. Enterprise Businesses & Government Bodies Must Get on Board
• National Data Protection Law
• EU Data Protection Regulation 2015 (“Right to Erasure”)
• ISO Standards 27001, 27040 etc.
• Sarbanes-Oxley
• HIPAA (Health Insurance Portability and Accountability)
• Credit Card Industry PCI-DSS
16. How Does Secure Data Erasure Work?
Format or Delete vs. Data Erasure
17. Physical Level: Servers, HDDs, etc.
Logical Storage (LUNs): Logical Unit Numbers (LUNs) viewed as virtual drives dedicated to data storage on Storage Area Networks (SANs)
Virtual Machines (VMs): Virtual Machines/Servers and vApps (grouped VMs) hosted on various hypervisors
Triggers: Asset End-of-life; Data End-of-life
DEaaS: Data Erasure as a Service
18. Total Erasure on Physical Level: Erasure at File, Logical & Virtual Levels
• DISK Erasure (HDD and SSD)
• SERVER Erasure
• FILE Erasure
• LUN Erasure
• VIRTUAL Erasure
19. ISO/IEC 27001: Setting the Bar High for Security Standards
01 Top Management: must implement the information security policy themselves
02 Risk Management: relevant security risks should be addressed and mitigated
03 Internal Audits: must verify all security risks have been addressed and operational processes are set
04 Data Removal: sensitive data and licensed software must be securely removed prior to disposal or reuse
20. ISO 27018: Protection of Privacy & Personal Data in the Cloud
[Diagram: personal data (My Documents, My Photos, My Music, My Work Files, Special Project) synced to the cloud from many devices: Home PC (push sync, back up all files), Work Laptop (push sync, work files), Notebook (smart sync, select files), Tablet (sync local, stream the rest), Smartphone (sync a few, stream the rest).]
21. Stay Current With New ISO Recommendations
01 Erase on Logical & Virtual Level: “Logical sanitization (see 6.8.1.3) should be used to clear virtualized storage, especially when the actual storage devices and media cannot be determined.”
02 Add onto Encryption: “Sanitization of media at end-of-use situations is recommended, even when using encryption methods.”
03 Maintain Sanitization Records: Organizations should maintain a record of sanitization activities to document what media were sanitized, when, how they were sanitized, and the final disposition of the media.
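Slide 16's contrast between "format or delete" and data erasure, and the sanitization record slide 21 calls for, as one added Python example (not Blancco's, Dropbox's or any ISO reference code; the ToyDevice class, block size, media ids and file contents are constructed for illustration):

```python
"""Toy model of 'delete' versus 'erase', plus the sanitization record that
ISO/IEC 27040 asks for. Added example, not Blancco's or Dropbox's tooling;
device ids, block size and file contents are constructed."""
from datetime import datetime, timezone

BLOCK = 16                                   # bytes per block (toy size)
RECORD_FIELDS = ("media", "when", "how", "disposition")  # fields from the slide


class ToyDevice:
    """A block device is a bytearray; a 'file table' maps names to blocks."""

    def __init__(self, media_id, blocks=8):
        self.media_id = media_id             # constructed serial number
        self.raw = bytearray(blocks * BLOCK)
        self.table = {}                      # name -> (first_block, nblocks)

    def write(self, name, first, data):
        nblocks = -(-len(data) // BLOCK)     # ceiling division
        self.raw[first * BLOCK:first * BLOCK + len(data)] = data
        self.table[name] = (first, nblocks)

    def delete(self, name):
        """Filesystem delete or quick format: only the table entry goes away."""
        del self.table[name]

    def residual(self, pattern):
        """What a recovery tool sees: is the pattern still on the platter?"""
        return pattern in bytes(self.raw)

    def erase(self, name, passes=(b"\x00", b"\xff"), disposition="reuse"):
        """Overwrite the file's blocks, verify the last pass, drop the entry
        and return the record: what media, when, how, final disposition."""
        first, nblocks = self.table[name]
        lo, hi = first * BLOCK, (first + nblocks) * BLOCK
        for pat in passes:
            self.raw[lo:hi] = pat * (hi - lo)
        verified = bytes(self.raw[lo:hi]) == passes[-1] * (hi - lo)
        del self.table[name]
        return {
            "media": self.media_id,
            "when": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "how": f"{len(passes)}-pass overwrite, final pattern 0x{passes[-1].hex()}",
            "verified": verified,
            "disposition": disposition,
        }


def record_complete(rec):
    """Audit check: every field the slide lists is present and the overwrite verified."""
    return all(rec.get(f) for f in RECORD_FIELDS) and rec.get("verified") is True
```

After `delete()` the constructed card number is still readable from the raw bytes; after `erase()` it is gone and the returned record carries the media, time, method and disposition an auditor would ask for.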
24. A Case Study (San Francisco)
Corporate Facts:
• Founded in 2007 and product released in 2008
• One of the largest AWS S3 customers
• Running tens of thousands of servers in multiple data centers
• Managing hundreds of billions of files, and growing
25. A Case Study: Dropbox
CONSENSUS ASSESSMENTS INITIATIVE QUESTIONNAIRE v3.0.1
Dropbox uses a secure deletion process to delete data once a customer has permanently deleted a file from their Dropbox account or after service termination.
250 million units sold; it makes you think about how fast things change in the IT industry.
This is a topic which could be discussed with ALL Data Centers. What is their current process and how much money can they save by investing in Blancco?
Software erasure (with or without hardware module) for individual HDDs and SSDs is available as well as Degaussing for broken drives.
NIST 800-88
Unless you proactively sanitize data in your environment, external or internal attackers as well as malware can maliciously perform data recovery that leads to data leaks.
Global security regulations and standards which are increasingly demanded of and adhered to by Cloud providers and their end-customers.
Overwriting, wiping, data erasure
The data centers of today need to master several levels of data erasure to offer their customers the best possible security. Blancco has solutions for every level.
ISO 27018 is already released and ensures protection of privacy and personal data.
ISO 27017 is coming. It ensures security controls for cloud providers.
Our partner Kroll Ontrack has informed us that recreating deleted (not erased) Virtual Machines is feasible in many different situations and environments.
“When a Dropbox storage disk has reached the end of its life or is damaged, we follow a decommissioning process that is designed to destroy the disk to the point data cannot be reasonably recovered. Our managed service provider also follows secure destruction processes for media they control.”