In an IT environment, data is stored on various forms of storage media (e.g., hard drives, USB flash drives, CD-ROMs, tape drives). When you no longer need to use this storage media, the data must be securely removed to prevent unauthorized access. In compliance with FERPA, University policies and state legislation, this becomes imperative if the data is of a sensitive nature.
Why must the data be removed?
There are several reasons for removing the data from storage media before disposing of it. One of the reasons could be that the server hosting the data is being replaced with a newer model. Or perhaps the backup data on CD-ROMs and tapes is no longer needed and needs to be expunged. Or maybe the hard-drive on the computer system is inoperable and needs to be replaced.
In each of these cases, the department or college responsible for the data on the device must ensure that all data is securely removed to minimize the risk of possible compromise of the data. For additional information on data security, see PS06.20 (“Security of Data”).
Why is deleting the data not enough?
There are several ways the data can be deleted from a computer system. The most common way is to drag and drop a file into the recycle bin (trash can) in modern operating systems and then empty the bin. However, what is deleted is not the actual data but only the pointers to the files, and deleting these does not necessarily remove the data. The data remains on the hard-drive in unallocated space. There are sophisticated methods that can be utilized to retrieve the data previously stored on the hard-drive even if the unallocated space has been utilized by new files.
It is a common misconception that by formatting the hard-drive, all data has been securely deleted. Like deleting a file and emptying the trash folder, this utility only modifies the file system but does not remove the data. Think of this as removing the table of contents from a book but leaving everything else. All the pointers are gone, but the pages still exist.
CD-ROMs provide a different challenge due to their read-only nature. The challenge is that there are no means to securely delete the contents of the CD. Inoperable hard-drives can also provide challenges as they cannot be connected to a system and approached through software.
Secure methods of deleting data
As previously mentioned, one cannot rely on deleting the data alone and it is important to remember that there are devices that present special challenges. So, now the question becomes what steps or utilities are available to us to securely delete and/or destroy the data.
There are several utilities available to us that can perform the task of disk wiping. Disk wiping is a term that describes a utility's ability to write a series of 1’s and 0’s over the disk in an effort to securely remove the data. Some examples of commonly used utilities are DBAN, East-Tec’s Eraser, and Sourceforge Project Eraser. The task of disk wiping might be time consuming depending on the speed and/or performance characteristics of the computer.
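An added example (not part of the original article or of any utility it names) of what a disk-wiping pass does, run against a constructed file standing in for a disk: it overwrites every byte with 0s, 1s and random data, then reads the target back to confirm that nothing of the earlier contents remains. The function names, the pass sequence and the sample record are assumptions made for illustration, and the code assumes media that overwrites in place.

```python
import os
import tempfile

CHUNK = 1 << 20  # bytes per read/write call
def overwrite_pass(path, fill):
    """Overwrite every byte in place; fill is 0-255, or None for random bytes."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining:
            n = min(CHUNK, remaining)
            f.write(os.urandom(n) if fill is None else bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass out of the OS cache to the media

def first_mismatch(path, fill):
    """Read back; return the offset of the first byte != fill, or -1 if none."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            rest = chunk.lstrip(bytes([fill]))
            if rest:
                return offset + len(chunk) - len(rest)
            offset += len(chunk)
    return -1

def contains(path, marker):
    """True if marker occurs in the raw bytes, including across chunk edges."""
    tail, keep = b"", len(marker) - 1
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if marker in (buf := tail + chunk):
                return True
            tail = buf[-keep:] if keep else b""
    return False

def wipe(path, passes=(0x00, 0xFF, None, 0x00)):
    """Run each pass in order; end on a fixed byte so the result can be verified."""
    for fill in passes:
        overwrite_pass(path, fill)
    return first_mismatch(path, passes[-1])

def demo():
    marker = b"STUDENT-ID=CONSTRUCTED-0001"  # constructed sample record
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")  # constructed stand-in for a disk
        with open(path, "wb") as f:
            f.write(os.urandom(CHUNK - 10) + marker + os.urandom(4096))
        return contains(path, marker), wipe(path), contains(path, marker)
```

`demo()` returns whether the record was readable before the wipe, the verification result (-1 means every byte matched the final pass), and whether the record is still readable afterwards.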
As a user you have several built-in options for securely removing data from a Macintosh computer running Mac OS X:
- For files you've deleted by dragging them to the Trash, use "Secure Empty Trash" from the Finder menu. It will overwrite and delete files in your Trash folder.
- For whole file systems, use the Disk Utility, which can be found in the /Applications/Utilities/ folder. Select the file system on which you want to securely remove data, and then select the Erase tab. On the Erase pane, the "Erase Free Space..." button lets you overwrite free space on the file system - that is, space that may contain data for files that have been deleted insecurely. The "Security Options" button lets you delete or overwrite files that still exist. Each of these buttons gives you the option of overwriting files once, 7 times, or 35 times.
- For individual files, use "rm -P" from the command line. It overwrites files three times before deleting them.
SSD Data Security
SSD drives and other flash media store and handle data a little differently than hard drives. This makes the traditional advice of disk wiping and secure deletion less effective. It may still be possible to recover data from SSDs that have been wiped with a utility like DBAN.
One of the best ways to keep data secure on an SSD is to utilize full disk encryption. If the disk is protected by sufficiently strong encryption, the risk of data remanence and exposure is mitigated without using wiping tools.
Microsoft’s BitLocker and Apple’s FileVault can be utilized to encrypt the disk, and then the disk can be formatted. Without the original key, none of the data that was on the drive can be recovered.
Some drive manufacturers may offer utilities, like Samsung’s Magician SSD management utility or Seagate’s Instant Secure Erase utility in Seatools, that will perform a secure-erase or encryption of your drive to prevent data remanence.
If these steps are not possible, or the drive is inoperable, the SSD or flash media should be physically destroyed. Physical destruction of LSU-owned property is not permitted; therefore, if an LSU department has identified that physical destruction is the only option available, the department must contact the Office of Property Management.
Degaussing is a process by which the storage media is subjected to a powerful magnetic field to remove the data on the media. It is important to note that this method can make the media inoperable. Therefore, if you plan to reuse the media or sell the media, you should not use this method to securely remove data.
Additionally, degaussing is only effective for magnetic-based storage like older hard drives and tapes and is not guaranteed to work. Unless the drive is damaged or inoperable, it is preferable to use secure erasing or overwriting methods above to wipe the data. Destruction may be a better alternative for inoperable media.
Remember, flash-based media, like SSDs and flash drives, cannot be degaussed. Hybrid hard drives, which contain both traditional magnetic storage platters and flash-based storage, are not good candidates for degaussing.
For storage media that cannot be wiped (e.g. inoperable hard drive, DVDs) or that has contained highly sensitive data or for devices that cannot be degaussed (CD-ROMs, SSD drives, flash drives, etc.), destruction of media is the most effective means to ensure that the data cannot be recovered. There are several methods through which destruction of media can be achieved. Some examples are shredding disk platters, grinding the surfaces off of CDs, and incinerating back-up tapes. Physical destruction of LSU-owned property is not permitted; therefore, if an LSU department has identified that physical destruction is the only option available, the department must contact the Office of Property Management.