
Data Remanence Solutions

MightyMartian (840721) writes | about 2 years ago

Encryption 3

MightyMartian (840721) writes "The company I work for has just had their government contract renewed, which is good news, giving me several more years of near-guaranteed employment!

However, in going through all the schedules and supplementary documents related to the old contract, which we will begin winding down next spring, we've discovered some pretty stiff data remanence requirements that, for hard drives at least, boil down to "they must be sent to an appropriately recognized facility for destruction."

Now keep in mind that we are the same organization that has been delivering this contract all along, so the equipment isn't going anywhere. What's more, destruction of hard drives means we have to buy new ones, which is going to cost us a lot of money, particularly with prices being so high.

I've looked at using encryption as a means of destroying data, in that if you encrypt a drive or a set of files with an appropriately long and complex key, and then destroy all copies of that key, that data effectively is destroyed. I'd like to write up a report to submit to our government contract managers, and would be interested if any Slashdotters have experience with this, or have any references or citations to academic or industry papers on dealing with data remanence without destroying physical media."
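The key-destruction idea the submitter describes, written out as an added example that is not part of the original post: each file is sealed under its own data-encryption key (DEK), every DEK is kept only wrapped under a single key-encryption key (KEK), and "destroying all copies of the key" is then a matter of destroying the KEK. The Go code below uses AES-256-GCM from the standard library so that a wrong or missing key fails authentication instead of decrypting to noise; `Store`, `Put`, `Get` and `CryptoErase` are this example's own names, not any product's API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

var ErrKeyDestroyed = errors.New("KEK destroyed: data unrecoverable")

// stored is one file at rest; both parts stay on disk after crypto-erasure.
type stored struct {
	wrappedDEK []byte // per-file data-encryption key, sealed under the KEK
	ciphertext []byte // file body, sealed under the DEK
}

// Store holds exactly one unwrapped secret, the key-encryption key (KEK).
type Store struct {
	kek   []byte // nil after CryptoErase
	files map[string]stored
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM; output is nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key fails the tag check instead of yielding noise.
func open(key, data []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(data) < gcm.NonceSize() {
		return nil, errors.New("cannot open: bad key or truncated data")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
}

// zero overwrites key material in place before it goes out of scope.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func NewStore() (*Store, error) {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &Store{kek: kek, files: map[string]stored{}}, nil
}

// Put seals plaintext under a fresh DEK; the DEK survives only wrapped under the KEK.
func (s *Store) Put(name string, plaintext []byte) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return err
	}
	defer zero(dek) // the plaintext DEK never outlives this call
	ct, err := seal(dek, plaintext)
	if err != nil {
		return err
	}
	wrapped, err := seal(s.kek, dek) // fails once the KEK is gone (nil key)
	if err != nil {
		return err
	}
	s.files[name] = stored{wrappedDEK: wrapped, ciphertext: ct}
	return nil
}

// Get unwraps the file's DEK with the KEK, then opens the body with the DEK.
func (s *Store) Get(name string) ([]byte, error) {
	if s.kek == nil {
		return nil, ErrKeyDestroyed
	}
	f := s.files[name] // unknown name yields empty slices, which open rejects
	dek, err := open(s.kek, f.wrappedDEK)
	if err != nil {
		return nil, err
	}
	defer zero(dek)
	return open(dek, f.ciphertext)
}

// CryptoErase is the sanitization step: overwrite the KEK in memory and drop it.
// Every wrapped DEK, and so every file, is now undecryptable; the bytes remain.
func (s *Store) CryptoErase() {
	zero(s.kek)
	s.kek = nil
}
```

Two consequences of the model are worth stating in any report built on it: the ciphertext bytes really are still on the media after `CryptoErase` (the entry in `files` is untouched), so the argument rests entirely on the cipher holding up for as long as the data must be protected; and "destroying all copies of that key" has to cover every place the KEK was ever written, not just the one slice this program zeroes.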


3 comments


Certification? (1)

Indigo (2453) | about 2 years ago | (#38149856)

Dunno about the encryption, but sounds like you need to get your company / site certified as an "appropriately recognized facility".

What about bad sectors? (1)

NeverVotedBush (1041088) | about 2 years ago | (#38151192)

There may still be data lying around in bad sectors that encryption won't reach. And if the drives have partitions, you need to make sure each and every partition gets proper treatment and that all data areas are reachable by your method.

Not all of the rules for handling the data may make sense to you but whatever encryption you use may possibly be broken at some point. I don't know what the data is, but some data is to be protected forever. If the drives are not destroyed, you now have to monitor and track them for the rest of their useful lives to ensure that even the encrypted data doesn't make it out into the wild. Undestroyed drives are a liability.

For handling government data, trying to get an exception to how you can handle the data may or may not be worth it. Most likely you will need to demonstrate just how secure the data will be in its new encrypted home. Now you need documented procedures and verification.

It is probably much easier and possibly much cheaper to do proper documented destruction. It will also build confidence that your company is willing to comply with the regulation instead of arguing their way out to try to save a few bucks. If I were the one to authorize what you want to do, I would want rigid documentation and traceability for every single drive along with random testing to verify. That's expensive. The easiest and best way is to pattern the drives and then send them to destruction. It's security in layers and even if one step fails (which can and does occasionally happen), the next one picks it up to make sure the data is gone.

Re:What about bad sectors? (1)

NeverVotedBush (1041088) | about 2 years ago | (#38151280)

I thought I had a line about patterning the disks. You want to pattern instead of encrypt. With encryption, it can be broken. It may be practically impossible now, but not necessarily in the future. Patterning securely erases the data. To recover it means looking at the transitions and signal strengths in analog to try to tease out what the previous bits were. The more patterns, the harder that becomes. But there are still other ways to get the data - reading the track slightly off center to pick stuff up that was written at a different temperature or some such. It becomes a matter of how much effort someone is wanting to expend to pull out the original data.

The only way to make sure the data can't be recovered is to pattern to NIST specs and then physically destroy the drives.

Don't take this the wrong way, but just asking about using encryption and not knowing about bad sector issues or drive patterning shows that you probably don't know enough to properly protect that data. I would have serious reservations about trusting your company to keep it safe. If you have enough drives that you are worried about the cost, then with a multi-year contract you have almost certainly had plenty of drive failures over the life of the project you are winding down. How did you deal with those? Were they properly destroyed or just thrown away? Returned to the manufacturer as part of a service contract? Were any removed due to SMART warnings/errors where the drive was still actually readable?
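The patterning and bad-sector points from NeverVotedBush's two comments, as an added example that is not part of the thread: a multi-pass overwrite with read-back verification, run against a constructed in-memory disk in which one sector refuses writes. `Sanitize`, `Report`, `NewMemDevice` and the three patterns are this example's own choices, not a NIST procedure; the output that matters for the documented record the comments ask for is the list of sectors the overwrite could not reach, since those still hold whatever was there before.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"sort"
)

// Device is the minimal view of a block device the sanitizer needs.
type Device interface {
	io.ReaderAt
	io.WriterAt
	Size() int64
}

// memDevice is a constructed stand-in for a disk; sectors listed as bad refuse writes.
type memDevice struct {
	data       []byte
	sectorSize int64
	bad        map[int64]bool
}

func NewMemDevice(data []byte, sectorSize int64, badSectors ...int64) *memDevice {
	d := &memDevice{data: data, sectorSize: sectorSize, bad: map[int64]bool{}}
	for _, s := range badSectors {
		d.bad[s] = true
	}
	return d
}

func (d *memDevice) Size() int64 { return int64(len(d.data)) }

func (d *memDevice) ReadAt(p []byte, off int64) (int, error) {
	n := copy(p, d.data[off:]) // Sanitize never reads past the end of the device
	if n < len(p) {
		return n, io.EOF
	}
	return n, nil
}

func (d *memDevice) WriteAt(p []byte, off int64) (int, error) {
	if off >= d.Size() || d.bad[off/d.sectorSize] {
		return 0, errors.New("write error")
	}
	return copy(d.data[off:], p), nil
}

// Report is what belongs in the sanitization record for one drive.
type Report struct {
	Passes      int
	Sectors     int64
	Unreachable []int64 // sectors that could not be overwritten or verified
}

// fill repeats pat across buf so a multi-byte pattern tiles the whole sector.
func fill(buf, pat []byte) {
	for i := range buf {
		buf[i] = pat[i%len(pat)]
	}
}

// Sanitize writes each pattern over every sector in turn, then reads every sector
// back and checks it holds the final pattern. A sector that fails either step is
// reported as unreachable: overwriting did not sanitize it, so it still holds data.
func Sanitize(dev Device, sectorSize int64, patterns [][]byte) Report {
	nSectors := (dev.Size() + sectorSize - 1) / sectorSize
	rep := Report{Passes: len(patterns), Sectors: nSectors}
	failed := map[int64]bool{}
	want, back := make([]byte, sectorSize), make([]byte, sectorSize)
	for _, pat := range patterns {
		fill(want, pat)
		for s := int64(0); s < nSectors; s++ {
			if _, err := dev.WriteAt(want, s*sectorSize); err != nil {
				failed[s] = true
			}
		}
	}
	for s := int64(0); s < nSectors; s++ { // want still holds the final pattern
		n, err := dev.ReadAt(back, s*sectorSize)
		if (err != nil && err != io.EOF) || !bytes.Equal(back[:n], want[:n]) {
			failed[s] = true
		}
	}
	for s := range failed {
		rep.Unreachable = append(rep.Unreachable, s)
	}
	sort.Slice(rep.Unreachable, func(i, j int) bool { return rep.Unreachable[i] < rep.Unreachable[j] })
	return rep
}

func main() {
	// Constructed sample: 8 sectors of 512 bytes holding 'S'; sector 3 refuses writes.
	disk := NewMemDevice(bytes.Repeat([]byte("S"), 8*512), 512, 3)
	rep := Sanitize(disk, 512, [][]byte{{0x00}, {0xFF}, {0x92, 0x49, 0x24}})
	fmt.Printf("%d passes over %d sectors; unreachable sectors %v still hold data\n", rep.Passes, rep.Sectors, rep.Unreachable)
}
```

The read-back pass is what turns an overwrite into evidence: a sector that accepts writes but reads back something else is listed alongside the one that refused the write, and a non-empty `Unreachable` is exactly the case the comments say only physical destruction handles.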