Comments made on deleting data, as organisations struggle to securely and compliantly remove files
Deleting data should be done efficiently as a failure could lead to a data breach or worse.
In a recent blog SecureWorks solutions architect Beau Woods claimed that many organisations are struggling to delete data in a way that is both secure and compliant.
He said: “Some ways to do this include using software to overwrite the data, using a degaussing tool to electronically damage the drives, and physically destroying them. Make sure you keep in mind that whatever method you use, the goal is risk mitigation rather than risk elimination. You're trying to mitigate the most risk for the least money.”
Commenting, Jon Ramsey, CTO at SecureWorks said that as people are not deleting data efficiently ‘if you want to collect information then buy cheap drives off eBay'.
He said: “There are better ways to delete data, a file system is like books and a database is a table of contents and when you a delete file on this it does not delete the file, it removes it from the table of contents. If you keep looking you will find the file. We would help a client set up a process to delete data.”
He also commented that it is not just files that you will find on a discarded disk, but a content of memory, which can contain an encryption key.
Don Smith, vice-president of engineering and technology at SecureWorks, said that even if you reformat a disk, that is not enough. He said: “You need to demonstrate that you are doing the right thing, people need robust processes and instances.”
Ross Waterton, founder of Bustadrive, said: “If you are going to reuse a drive there is no cause to zero the data out, but if you destroy it you cannot rescue it. If you are going to use it again then destroying it is really not relevant, but if it is sitting around you may want to consider destroying it.”