Tuesday, August 07, 2007

Disk data remanence: Part 2

Network World

Security Strategies




Network World's Security Strategies Newsletter, 08/07/07


By M. E. Kabay

In my most recent column, I briefly reviewed the seriousness of the data remanence problem on discarded disk drives. Today I want to wrap up with a pointer to an interesting product about which I have recently learned: Ensconce Data Technology’s Digital Shredder.

The online demo is unusually well done, with clear images, succinct and informative commentary, and useful details for a security or network administrator.

The introduction begins with a statement of the need for proper “decommissioning” of hard drives and shows a good summary table listing U.S. laws and other factors that impel organizations to ensure that discarded or repurposed drives have been properly wiped: Gramm-Leach-Bliley, Sarbanes-Oxley (see a recent article about SOx compliance from Network World's Technology Update), Fair and Accurate Credit Transactions Act of 2003 (FACTA) and the Health Insurance Portability and Accountability Act (see an interesting article about a HIPAA audit in Computerworld).

The demo continues with a review of the methods for sanitizing disk drives. Software overwriting alone, they say, is not trustworthy because the choice of algorithm may be inadequate and because certain portions of the drive may not be overwritten at all.

Degaussing is unreliable and even dangerous; sometimes drives are damaged so that they cannot be checked to evaluate the completeness of data wiping. The strong magnetic fields can also unintentionally damage other equipment. Outsourcing degaussing introduces problems of having to store drives until pickup, losing control over data and not being able to provide authenticated records of the data destruction.

Physical shredders are expensive and usually offered only by outside companies, leading to similar problems of temporary storage, relinquishing control and dubious audit trails.

The Digital Shredder is a small, portable hardware device that provides a wide range of interfaces (cloyingly called “personality modules”) covering today’s disk drives. The design objectives, quoting the company, were to provide:

1. Destruction of data beyond forensic recovery
2. Retention of care, custody and control
3. Certification and defendable audit trail
4. Ease of deployment
5. Ability to recycle the drive for reuse.

The unit can wipe up to three disks at once. It includes its own touch screen; offers user authentication with passwords to ensure that it is not misused by unauthorized personnel; provides positive indications through colored LEDs to show the current status of each bay; can format drives for a range of file systems; and can be used to re-image a drive by making bitwise copies from a master drive in one bay to a reformatted drive in another.

Readers can download a 13-page White Paper about the problem and the product without even having to register (!). I wish more companies were so open about providing information freely.

Based solely on the materials I have seen, this device looks interesting.

[DISCLAIMER: As always, I want it clearly understood that I have no financial interest whatever in this product and have not even had any contact with the company other than receiving a pamphlet and reviewing their Web site.]


Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.



Copyright Network World, Inc., 2007
