Traditional data center service providers usually promise to destroy the data at the end of the contract and confirm the destruction in writing. However, this strategy is relatively rare in SaaS terms.
For any enterprise or organization, a key part of the information security strategy is the processing of useless data. In fact, once a business is flawed in this area, there is a risk of serious breaches of data protection and privacy policies, as well as regulatory compliance issues that unnecessarily increase costs.
Let SMEs know about data destruction
In general, we have three different options for data destruction:
1. Cover, that is, cover up the old data and information;
2. Degaussing, refers to the removal of the magnetic field of the storage medium;
3. Physical damage, mainly the use of physical damage to the disk technology for data destruction.
So, what is the better way to apply to businesses and organizations?
In fact, according to the experts, each of these technologies has its own pros and cons.
Some organizations use several methods to destroy data. For example, the microprocessor manufacturer Intel Corporation has used the above three methods. "Which approach depends primarily on our purpose," said Malcolm Harkins, Intel's chief information security officer and Vice president of the IT department. ”
Information security expert Ben Rothke has extensive experience in the field of data destruction. In his view, in the past few years, the data destruction market has not substantially changed, "if there is any trend in this area, it is that more and more enterprises are beginning to recognize the importance of data destruction." ”
Still, some organizations (especially smaller organizations) need more training and indoctrination in data destruction, "We think this is a very important topic," said Jay Heiser, an analyst at Gartner, a marketing research firm. But Gartner's clients don't have much to discuss with us on this. ”
"Corporate customers usually have some good ideas about this," says Heiser. The drill for data destruction has been going on for years, so it will not generate much attention in the industry. ”
Still, unfortunately, there are still many small and medium-sized enterprises that have not completely circumvented the risk of data, Heiser.
The era of cloud computing "Leave No Trace"
In fact, with cloud computing so pervasive today, all types of businesses face an important problem: how to handle data from cloud computing service providers?
"Customers often ask me questions about how data service providers work with data, especially in software as a service (SaaS)," says Heiser. ”
Traditional data center service providers usually promise to destroy the data at the end of the contract and confirm the destruction in writing. However, this type of strategy is relatively rare in SaaS terms.
"Although the storage architecture for most SaaS services means that the data that the customer discards is quickly being overwritten and almost impossible to recover, it is not perceptible to the customer." "There are few terms and conditions in the SaaS area that target old data for customers," Heiser said. ”
Online travel service provider Expedia's vice president and chief information Security officer Ariel Silverstone that in the next few years, cloud services may increasingly focus on data destruction.
"The physical type of data destruction is no longer mainstream in the cloud service migration trend," he said. "In other words, logical destruction will be the core technology for data destruction, so data classification needs to be further consolidated and regulated, that is, how we should find the data we need to destroy," Silverstone said. ”
Therefore, independent information security advisor Jeff Misrahi believes that for those "obsolete" data, businesses and organizations need to consider the following factors when choosing a method of destruction:
The first is the time it takes to destroy data. There are a number of issues that need to be considered, such as whether the amount of data that needs to be destroyed is large or if the data occupies a large amount of disk space.
The second is cost. Can an enterprise afford the cost of destroying data? Can the disk that destroys the data be reused? is the enterprise not able to afford the special hardware that the data destroys? All these questions need to be considered.
Finally, consider the issue of validation and authentication. Does data destruction conform to compliance requirements? How does an enterprise prove to a regulatory body or auditor that it has met the relevant regulatory provisions?
These factors not only apply to the traditional enterprises, but also to the application of cloud services users. In fact, more and more experts believe that in the era of cloud computing and solid-state storage, new technologies and application patterns will emerge in the field of data destruction.
Link
Comparison of three data destruction methods
1. Cover
Overlay is one of the most common methods in the field of data destruction, which is to fill the media with new data.
Advantages: Because it can be done through the software, so the operation is relatively easy, low cost. At the same time, it can be configured to develop the scope of destruction (including documents, zoning, etc.), but also more environmentally friendly.
Disadvantage: For high-volume data, overwriting takes a long time, and does not cover all data regions. In addition, there are no corresponding security options during the overwrite operation. At the same time, once the media error, the software type of data destruction will not be discussed.
2. degaussing
Degaussing is the removal or reduction of the magnetic field of a storage disk or drive, which is usually performed using a degaussing device.
Advantages: The operation is faster, and the data on the degaussing media can not be restored, very suitable for highly sensitive information.
Disadvantage: The price of degaussing equipment is more expensive, and it may produce strong electromagnetic field, damage the surrounding equipment. In addition, degaussing is an irreversible damage to magnetic media. Once the media is corrupted, the drive will not be reused.
In addition, degaussing effect is not stable, depending on the density of the disk and the operation time of the degaussing process.
3. Physical damage
Of course, we can also destroy the data in a physical way, such as shredding, melting the disk, so that the media can not read.
Advantages: The maximum guarantee of data destruction effect.
Disadvantage: The cost of physical damage is extremely expensive. Many people believe that destroying data in a physical way is not a long-term strategy to maintain corporate finance, nor is it environmentally friendly. (Wind Miao compiling)
(Responsible editor: The good of the Legacy)