It includes the option of using software-based data erasure to combat keyboard-level data recovery attempts as well as laboratory-level recovery attempts that use advanced forensic techniques.Īgencies such as Singapore’s Government Technology Agency, which is responsible for the delivery of the government’s digital services, are increasingly including software erasure as a method to destroy data.Īccording to a Blancco press release, the company’s software will be used on up to 100,000 computers available to Singapore’s government agencies between 20.
NIST Special Publication 800-88 r1 is a US government document that lays out how an agency may securely sanitise data from storage media so all data is irretrievable. Physical destruction, such as by shredding, can also be risky, as many industrial shredders produce fragments much larger than the recommended width of 2mm, which can leave data vulnerable to recovery efforts. Fredrik Forslund, Blancco’s Vice President & General Manager International, earlier told GovInsider that although such physical methods may be more reassuring, they come laden with risks.ĭegaussing has no effect on newer technology such as solid-state drives and certain types of hard disk drives. Gone are the days when best practice was to wipe the contents of a hard drive with a magnetic pulse (degaussing) or physically destroy it using methods such as drilling or burning. But as the case above demonstrates, organisations need to pay as much attention to the data removal process as they do to maintaining high cybersecurity standards.Īs governments accrue citizen data to provide more digital services, it is critical that every step of the data management process is accounted for to ensure that citizen data remains protected. Yet the final step – disposing of data in a secure, verifiable manner – may be the most overlooked. The plaintiffs also accused the bank of failing to remove customer data before reselling two data centres to third parties.ĭata leaks can come from anywhere, from poorly secured databases to hardware that is retired improperly. Customers had argued that older servers that still contained customer data disappeared when the bank transferred them to an external vendor. Image: Envato Elements Early this year, a well-known US investment bank agreed to pay US$60 million to settle a lawsuit over a personal data breach. Physical methods of destroying hard drives may still leave data vulnerable to recovery efforts by forensics experts.
0 kommentar(er)
