
Data erasure news / issue 1


Page 1: Data erasure news / issue 1

Issue 1, March 2013

This magazine is published by Blancco Oy Ltd. Copyright 2013 Blancco Oy. All rights reserved.

In this issue: Effective Data Erasure Management; Mobile Erasure; Regulatory Concerns; Company news; Product info

Considerations of SSD Data Erasure

With predictions expecting a huge increase in the amount of data, the handling of storage assets will become more important than ever. The latest research performed by IDC [1] has further revised its prediction for the size of the data universe by 2020, adding another 5 Zettabytes (ZB), indicating a 50x increase from 2010 and 5,247 GB of data for every person on the planet. IDC also predicts that 40% of this information will require some kind of data protection. The danger, as highlighted by IDC, is that data protection levels are not keeping pace with the volumes of data that require protection.

Flash memory has enabled Solid State Drives (SSDs) to become more widely used, although Hard Disk Drives (HDDs) are still the dominant choice in the laptop, PC and server market. However, recent research from IHS iSuppli [2] predicts that consumer and enterprise SSD shipments are expected to be around 83 million units this year, more than a 100% increase over the drives sold last year (39 million), rising to 239 million units in 2016 (40% of the HDD market). Subsequent research [3] shows a decline in the use of desktop PCs and an increase in mobile computing technologies which use solid state storage technology. Hybrid technologies, storage arrays and other applications all mean that flash memory is becoming more significant.

A wide range of SSD vendors offer a variety of SSD models, so it is not possible to assume that the behavior of one SSD will match the next. Despite the rise of SSDs, standardization of the elements of SSD technology has not taken place. Physical and logical differences between the Solid State Drive and the mechanical hard disk drive (HDD) must be considered when erasing SSDs. Key elements that support the SSD erasure process are the use of an erasure company that is able to apply modern erasure standards, ascertain third-party software endorsements, and invest in research and development processes.

SSDs contain internal controller chips with advanced software modules that are required to prolong the performance and lifespan of the drive. These “undercover” operations are hidden from the operating system and also the user. Options for data erasure of SSDs include reformatting, physical destruction of devices, cryptographic erasure, firmware-based erasure and overwriting, all of which have risks as data may still be retrievable.

Advanced erasure software solutions enable a user to extend the security of data erasure by accessing various approaches to sanitization, offering greater assurance of security and fully auditable results. Together with a centralized management console and enhanced verification and reporting techniques, advanced data erasure can determine the best course of action for an SSD. It is essential that the tool is developed by an organization with an understanding of the caveats involved with this technology, thus ensuring that the necessary steps toward compliance and secure handling of data are not overlooked.

High-profile data breaches have resulted in many countries adopting data protection legislation, and many groups of industries have their own regulations. These legal and industry requirements mean that data security is obligatory for organizations, including the lifecycle management of storage assets. Current EU data protection directives mean that organizations must implement technical measures to protect personal data. The secure handling of SSDs in an asset’s lifecycle is important as human error, application of ineffective software or flawed recommendations could land an organization in legal trouble and/or with a huge fine.

[Infographic: Quantity of global digital data. 2010: 1.23 ZB; 2012: 2.72 ZB; 2015: 7.91 ZB; 2020: 40 ZB. 40% of this information will require some kind of data protection. 5,247 GB of data for every person on the planet.]

Page 2: Data erasure news / issue 1

Considerations of SSD Data Erasure (continued)

The National Association for Information Destruction (NAID) has created a task force to standardize and document sanitization on SSDs. Professional data erasure tools that claim to erase SSDs should offer some kind of certification or approval, from a recognized agency such as the UK-based Asset Disposal & Information Security Alliance (ADISA), that they are effective in removing data, offering third-party assurance that data has been wiped to the desired protection level.

With large volumes of assets, the management of SSDs requires not only erasure software that can identify and handle them correctly, but an organization that has invested time in R&D and understands the unique stipulations of handling SSD technology and erasure.

[1] IDC Digital Universe Study, sponsored by EMC, December 2012

[2] Ryan Chien, IHS iSuppli: Solid-State Drive Market Revenue Set to more than Double This Year on Renewed Ultrabook Hopes (January 23, 2013), http://www.isuppli.com/Memory-and-Storage/News/Pages/Solid-State-Drive-Market-Revenue-Set-to-more-than-Double-This-Year-on-Renewed-Ultrabook-Hopes.aspx

[3] Fang Zhang, Hard Disk Drive Market Revenue Set for Double-Digit Decline This Year, February 4, 2013, http://www.isuppli.com/Memory-and-Storage/News/Pages/Hard-Disk-Drive-Market-Revenue-Set-for-Double-Digit-Decline-This-Year.aspx

CEO News

Welcome to our first issue of Data Erasure News. The purpose of this publication is to offer information to help your organization with its data erasure management process.

The digital universe doubles every 18 months while the spectrum of device platforms becomes more fragmented, and there are new compliance and legislative requirements in data security, so it is becoming more challenging for organizations to securely manage data erasure processes for equipment they want to reuse, resell or dispose of. We, at Blancco, have been responding to these challenges by developing data erasure technology over a 16-year period.

The recent growth of compliance and legislative requirements in data security demonstrates that management of secure data erasure will become even more critical in the next few years. We look forward to supporting your industry’s needs in the decades ahead.

CEO and Co-Founder Kim Väisänen

Effective Data Erasure Management

IT management staff face significant challenges, including the management of data security policy given the continued proliferation of data breaches and identity theft worldwide. A key aspect of such a policy involves defining as well as implementing data erasure procedures for IT equipment that is scheduled for reuse, donation or final disposal. This includes a solution that detects a range of hardware from smartphones to high-end servers, and addresses daily data erasure management as well as the erasure needs through an asset’s entire lifecycle.

To help efficiently and effectively implement data erasure, advanced data erasure solutions providing centralized management offer a fast, automated and secure way to protect data while helping to reduce associated costs and resource requirements. Automated features expedite erasure and allow customization of erasure and reporting processes to meet an organization’s needs.

While companies often associate the threat of data loss with stolen laptops or other portable media, many are less aware of a more subtle culprit: their own improper disposal of IT assets. In fact, insecure disposal of IT assets is the cause of data loss in 10 percent of cases, according to a 2010 KPMG International report [1], with serious implications for corporate reputation and the risk of costly fines under increasingly stringent data protection regulations. Some reports show that around 40 percent of hard drives reach the secondhand market still containing sensitive data, including a 2009 study by Kessler International [2].

Data erasure offers a software-based approach for overwriting and fully eliminating all electronic information, much of it sensitive or confidential in nature, that resides on a hard drive or other digital media set for disposal or reuse. Erasure reports with detailed hardware specifics are provided as proof of data removal.

Many data protection and destruction technologies exist, including physical destruction of devices, degaussing, encryption, re-formatting, and less comprehensive software overwriting approaches, but each has its drawbacks. On the other hand, data erasure management with advanced erasure technology is the ultimate first line of defense in ridding devices of sensitive information. By automating complete removal of data with technology that offers proof in a detailed report, organizations are assured that data is protected, without impacting the productivity of resources and overall operations.

Tamperproof and verifiable reporting is an essential part of regulatory compliance and legal audits. A data erasure solution should generate comprehensive erasure reports to provide critical information for the auditing process, such as the condition of the hardware, relevant serial numbers and asset tags, software details for license harvesting, the erasure method employed and who performed the erasure.

Customers and employees depend on the security of personal and business information. Failure to effectively erase information upon the disposal of an IT asset or storage device may not only result in damage to a brand and a company’s image, but could lead to falling stock prices, the loss of customers and business partners, and negative press as well. A carelessly discarded hard drive containing confidential data that has not been erased can easily result in identity theft and expose an organization to bad publicity and costly litigation. It can also impact employee turnover, day-to-day business operations and internal information security.

[1] KPMG International, “Data Loss Barometer – Insights into Lost and Stolen Information in 2010,” Issue 3, 2010

[2] Kessler International, “Is Your Confidential Information Being Sold on eBay?”, February 2009, http://www.investigation.com/press/press75.htm

Finland


Page 3: Data erasure news / issue 1

Data Erasure of Mobile Devices

Seventy-seven percent of all companies now provide smartphones to some employees, according to a recent survey of companies in the United States and Europe [1]. Previously, employees with company-issued mobile phones were usually in executive, sales and marketing roles, but the bring your own device (BYOD) trend is reshaping the business landscape and empowering more and different types of workers.

An estimated 1.2 billion smartphones and tablets will be shipped this year according to Gartner, who also predicts that by 2016, two-thirds of the mobile workforce will own a smartphone and the devices will contain sensitive corporate, customer or employee data [2]. All of these devices with trillions of gigabytes of memory may potentially contain sensitive corporate, customer or employee data.

Most businesses do not have policies in place to ensure that this data is secure, particularly when it comes to decommissioning in the event a smartphone or tablet is disposed of, reassigned or sent for recycling. To eliminate the risk of costly data breaches, organizations must adopt advanced erasure policies as a best practice, including policies for mobile device data. They should also implement products providing verifiable proof of data removal or find a reputable IT asset disposal (ITAD) partner or mobile device recycler who uses such software.

Restoring factory settings will not ensure that all data is permanently destroyed, because the data can still be recovered later. Therefore, erasing data is a safe and effective way to remove this data from a device’s internal and external memory. Companies should look for an advanced data erasure tool that is approved as effective in sanitizing data by an internationally recognized testing agency like TÜV SÜD, and one that also includes comprehensive erasure reports that provide information for auditing, resale and security purposes.

Regardless of a device’s ownership, a company’s IT asset managers need to track the users and devices that access company data as part of a secure mobile device policy.

Regulatory Concerns for All Data Erasure

A number of stringent industry-specific standards and regulations have emerged around the world with the aim of reducing the risk of exposing confidential data, including rules related to health care, finance and credit information. Existing regulations that specifically require deletion of data include the Health Insurance Portability and Accountability Act (HIPAA), the Fair and Accurate Credit Transactions Act of 2003 (FACTA), and the Payment Card Industry Data Security Standard (PCI DSS), as well as the UK Data Protection Act 1998. Also, comprehensive regulations with data removal requirements are under review in Europe with EU legislation on data protection reform and in the US with the Consumer Privacy Bill of Rights.

In Europe, changes in data protection have been proposed that revisit rules from the European Union (EU) Data Protection Directive and are expected to be released in June of 2013. The directive includes requirements for the deletion of online data and use of auditable procedures for companies processing personal data, as well as encouragement for the use of certified tools and processes. Sanctions for violations of these new requirements are predicted to range from 250,000 euros to 1 million euros or 0.5% to 2% of global annual turnover.

In February 2012, the Obama Administration in the US introduced the Consumer Privacy Bill of Rights, which provides strong privacy protection for consumers, including a requirement for deletion of data. The new framework was designed to provide a clear statement of basic privacy principles that apply to the commercial world, and a sustained commitment of all stakeholders to address consumer privacy issues as they arise from advances in technologies and business models.

It is also important to note that the repercussions of a data breach from a tablet or smartphone are just as severe as if it originated from a server or laptop. Not only does a business or organization risk its corporate reputation, it can also incur industry-specific regulatory fines. The European Network and Information Security Agency (ENISA) recognizes that improper decommissioning of smartphones without a full data wipe poses one of the highest risks to information safety [3].

[1] IDC, “IDC Benchmark Study Examines Enterprise Mobile Device Policies,” 04 June 2012, http://www.idc.com/getdoc.jsp?containerId=prUS23519412

[2] TechCrunch.com, “Gartner: 1.2 Billion Smartphones, Tablets To Be Bought Worldwide In 2013; 821 Million This Year: 70% Of Total Device Sales,” 6 November 2012, http://techcrunch.com/2012/11/06/gartner-1-2-billion-smartphonestablets-to-be-bought-worldwide-in-2013-821-million-this-year-70-of-total-device-sales/

[3] ENISA, http://www.enisa.europa.eu/act/application-security/smartphone-security-1/top-ten-risks/top-ten-smartphone-risks?searchterm=Top+Ten+Smartphone+

Page 4: Data erasure news / issue 1

Who is Blancco?

Blancco is the global leader in data erasure and computer reuse solutions. Each day, tens of thousands of IT assets on every continent are sanitized, analyzed and tested using Blancco solutions.

Why erase data?

IT assets pose a significant risk to organizations because of the large volumes of confidential information stored on them. Data must be completely destroyed before IT assets are disposed of, recycled, reused or donated.

Blancco is approved by: NATO, TUV, NSM

Blancco Expands Globally

Blancco opened its first office in Southeast Asia in Kuala Lumpur, Malaysia in January. Awareness in Asia has been rising about the importance of data protection.

“There is an increasing demand for secure data erasure in Southeast Asia as awareness grows and legislative initiatives continue to focus a spotlight on the use of personal information for commercial purposes,” said Alan Puah, Managing Director for Blancco SEA. “The Malaysian Personal Data Protection Act was passed in 2010 and is scheduled to be effective January 1, 2013, further heightening the need for proper data erasure solutions and practices throughout the country.” Awareness in Asia is rising about the importance of data protection.

Blancco also established an office in Russia in 2012 as the company continues to expand. Effective data erasure is becoming a key component of data protection practices, and the company is responding by making solutions available to a broadening user base worldwide. Blancco has been growing approximately 25% per year during the past five years including 2012.

Award News

Blancco received a 2012 Internationalization Award from President Sauli Niinistö of the Republic of Finland in January. Now in their 45th year, the awards recognize outstanding international growth in Finnish companies.

Blancco’s CEO and founder, Kim Väisänen, won the 2012 Ernst and Young Entrepreneur of the Year competition in Finland and will represent Finland in the Ernst & Young’s World Entrepreneur of the Year award finals in Monte Carlo in June 2013.

Blancco has won many other awards recently as it was named the 2012 Company of the Year in a competition organized by Kauppalehti, Finland’s biggest trade magazine, and OP-Pohjola Group, Finland’s leading financial services group.

The company was also acknowledged in three other 2012 Finnish industry awards: the Strongest in Finland certificate from Suomen Asiakastieto, Soliditet’s highest AAA credit rating for the ninth year in a row, and the Kauppalehti Achiever certificate.

Product info

High speed, efficient erasure of multiple hard drives ensures PCs and laptops can be safely disposed of, reused or resold.

A total erasure solution for complicated server and storage environments.

Permanently erase selected files and folders from desktops and laptops while they are active.

Erase flash media storage devices stored within smartphones, tablets, network routers, and cameras etc.

The latest solution for mass erasure of smartphones and tablets.

Centrally erase logical drives like LUNs and virtual machines in an active storage environment.

Hardware and software solutions for mass erasure of any type of loose hard drive (e.g. ATA, SCSI and FC).

Blancco’s unique ERA process

Erase: Blancco not only permanently erases all data, including hidden and remapped sectors…

Report: Blancco also generates detailed reports providing critical evidence of every erasure.

Audit: These reports ensure the existence of a comprehensive audit trail, a critical requirement for compliance and regulatory and legal auditing needs.

Copyright © 2012 Blancco Oy Ltd. All Rights Reserved. The information contained in this document represents the current view of Blancco Oy Ltd on the issues discussed as of the date of publication. Because of changing market conditions, Blancco cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. Blancco makes no warranties, express or implied, in this document. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Blancco.

For more information or to download our whitepapers, please visit www.blancco.com