How to Create a Data Sanitization PolicyPhil Biundo
We’ve heard a lot about a private email server in the news lately that was deleted that may have had classified data stored on it. This data was deleted last year, and now what was on it is coming into question. In light of this story, I wanted to take the time to dissect what data destruction or sanitization on an email server is and what a Disk and Data Sanitization Policy and Guidelines can do for you and your company.
So let us drill down to try to better understand what is behind the story.
Why should you perform a data sanitation or data deconstruction, or know how to do a DOD wipe or format data on an email server?
The owner of the server could be:
- Preparing the server for reuse or resale, as this is a common practice in the IT industry.
- Following the proper procedure for decommissioning an email server before sending it downstream to a recycling company and/or end-of-life IT remarketing company.
- Someone wants to make sure the data remains destroyed so that nobody can ever see the data on the server. Keep in mind this can also be done by physically drilling holes into the hard drives and/or having the physical hard disk ground into bare metals.
Note: Most commercial email servers are backed up, so there has to be duplicated data elsewhere on the network or in the cloud.
Following the Sanitization Policy with the proper training can save you a lot of trouble.
If the server’s data was deleted/purged on the server, can you recover the emails?
Programs that run data erasure software are designed to make sure the data is unrecoverable. They are designed to preserve the value of the server by not physically destroying or removing the hard drives, thus making the server worth a lot less in its entirety.
The operator has a few choices of which type of data destruction can be done to the drive and with what frequency. The most common type of data destruction in the technology industry is the Standard DOD 5220.22-M or US DOD 5220.22-M. This is a very difficult task to recover data, and from my experience, it’s like trying to find needles in a haystack.
The CIO, CEO, and/or staff members who had possession of the email server will have to demonstrate and explain the Disk and Data Sanitization Policy and Guidelines of their company if they have one. Questions like these will come up: Who ordered the sanitation, what kind of sanitation was used, and why?
The person who did the sanitation could be a member of the IT department or another staff member. He or she was following a protocol of the Data Sanitization Policy. They could have also contracted it out to a company to wipe the server and resell it for fair market value. This can be done onsite or offsite depending on the company policy and procedures stated in the Disk and Data Sanitization Policy.
What gets deleted on an email server?
Simple: pretty much everything. Not knowing which of the many possible network configurations it could have been set up with, I am sure the server in question was targeted to be destroyed. Depending on their importance, servers could have had data replication services. So copies of the emails could be located elsewhere.
Servers with an important caliber of communications are backed up and verified before any data destruction, both for legal reasons and for any possible unforeseen disasters. This still leaves us with a bunch of unanswered questions, like, why was the server suddenly retired and not migrated to the new server?
Can we find out when the server’s data was deleted?
Depending on which data sanitization software was used, it could have signatures left on the drive after the wipe was done. Using that data will give you a lot of information, such as how long it took, how it was done, and how many times it was done.
Where and how can data sanitization services be provided?
Data wipes can be done remotely, and someone outside the building where the server was stored could have been hired to access the server remotely and start the data destruction and sanitization. This info could be on the drive as a signature for reporting.
What can we learn from this?
Having a Disk and Data Sanitization Policy in place at your company is a great start. As the CEO, CIO, and/or IT director, this has to be one of the most important tasks that you’ll have to address quickly, especially if you don’t have one in place. Big data crises or scandals like the ones you hear about in the news will come up. So you better be prepared to address them now by implementing an effective policy.
So what should your Data Sanitization Policy look like?
Instead of creating an overly lengthy blog, I will help you with a shortcut I learned from Steve Jobs’ philosophy. Good artists copy; great artists steal. Below is a perfect starting point, but you will have to customize it to fit your organization’s needs.
So you created a policy and got everyone on board. What’s next?
Compliance is the next step, but more importantly, make sure you have an auditing method and/or tracking system of the assets from inception to decommissioning.
Life After Decommissioning
How much do I have to worry about data on the local disks and be sure that our data is unrecoverable?
If you have a policy in place, and a compliant team, with detailed audits, you don’t have much to worry about. Data leakage and theft from discarded hard drives is a serious concern for every business, especially businesses that are already subject to stringent regulatory control. Many organizations opt for centralized storage. When local disks are eliminated from individual desktops and servers, the danger of sensitive data being recovered from those servers later is also eliminated.
Are you vulnerable to a data breach?
When Andrew Chapman, an IT Manager out of the UK, bought a used drive on eBay for $65, he thought he was getting a great deal. However, upon further examination, he realized he had received a gold mine! The drive, which had not been properly wiped of the previous user’s data, contained the personal financial information of about 1 million private individuals. The data belongs to an amalgamation of major credit card companies and banks and was never wiped from this drive before it was sold.
Luckily, Andrew Chapman believes in bad karma and decided not to make use of any of this information. He dutifully reported the breach to proper law enforcement officials and the data was eventually destroyed.
Upon further investigation by The Daily Mail, the drive itself was reportedly “missing” from a stockpile of IT assets in storage in a “secure area.” Later, reports indicated that the data breach occurred when a well-meaning employee sold the drive to Mr. Chapman without ensuring that the data had been erased. This only goes to show that the company, known as Graphic Data, did not have the proper policies and procedures in place to handle IT assets with sensitive information.
As refurbishment technology professionals, it is up to us to educate consumers and help implement policies and practices that ensure this does not happen again:
Do not store technology that may contain client data in an unsecured location.
Wipe all data according to specific DOD standards as soon as possible. Educate all employees on the importance of ensuring that assets are wiped prior to a sale.
It’s that simple. Protect your company’s reputation and your customers’ data by following these few simple rules of secure data handling. Implement a Disk and Data Sanitization Policy, and you’ll be doing yourself a big favor.
I would love to hear from you. How does your company/school/government handle secure and unsecured IT assets?