7 data sanitization techniques for better data protection

Importance of data sanitization in backups

Once backed-up data is no longer required or its expiration date has passed, data must be either archived or destroyed, depending on established data retention and destruction policies.

For data stored on-site, various data sanitization techniques are available to fully destroy it, based on the storage medium. If possible, obtain a certificate of destruction so that in the event of an IT organization audit, the auditor can examine and verify evidence of data destruction activities.

When data is stored off-site, such as with a cloud storage or backup service, the cloud vendor must destroy customer data when requested. Users must then verify that the data has been properly and fully destroyed and cannot be recovered. Before engaging with a cloud storage or other managed service provider, research what process the vendor uses for data destruction and understand how it certifies complete destruction of data. An off-site data storage company's failure to certify data destruction means the data could possibly be recovered, especially if the storage vendor suffers a cyberattack that obtains access to customer data.

7 techniques for data sanitization

There are seven main techniques that organizations can use for data sanitization. The preferred method will vary by organization, storage methods, industry and resources. Data sanitization techniques include the following:

1. Overwriting

Usually implemented in software, this process simply and securely overwrites the storage medium with new data. Also known as wiping, it is performed by writing the same data everywhere on the media. This process is generally inexpensive and can be performed in the data center. The challenge is to find a powerful enough tool that totally removes data on the storage medium.

2. Degaussing

This technique uses a device called a degausser that delivers a powerful magnetic field to remove data on a disk or drive. When used properly, degaussing renders a disk unusable. However, it might be possible for the manufacturer to reformat the disk at the factory. Degaussing is largely effective on HDDs and most tapes, but not on SSDs. The process can be expensive, depending on who performs the service.

3. Cryptographic erasure

Typically used to secure data from unauthorized access, cryptographic erasure can make it impossible to access data on a storage device. By encrypting all data stored on a device and using a very strong decryption key, access to the data can be effectively prevented. By destroying the encryption key, the encrypted data can be permanently made inaccessible. Encryption tools are readily available, and the process is relatively simple.

On the downside, encryption features that are part of the storage systems might have issues based on user errors, poor key management or theft of encryption keys by threat actors. Cryptographic erasure means the data is still on the storage device, which might not be compliant with regulations requiring complete data removal.

4. Physical destruction

This technique is generally considered the most secure and permanent approach for data sanitization. The media must be thoroughly destroyed, since even a small piece of the disk might still contain data. Typical techniques include breaking the media apart via grinding or shredding, incinerating the media, applying corrosive chemicals to the disk surface, vaporizing or liquefying the media, or applying extremely high voltage to the media.

These activities might require a costly third party experienced in physical destruction. The destroyed media cannot be reused or resold. The process might also be harmful to the environment.

5. Secure erase

This is a feature on SSDs that completely and irrevocably deletes all data stored on the drive. The process in effect returns the medium to its original factory state. It is virtually impossible to recover any data that was on the disk before the secure erase process. Once the drive has been cleaned, it can be disposed of, reused or even resold. Secure erase overwrites all data on the drive using 0s and 1s, and can reset encryption keys.

6. Data masking

Often used in lieu of the term data sanitization, data masking creates fake and inaccurate versions of data. For example, a drive has data on it, but the data has been altered. The masked version of the data cannot be reverse-engineered to re-create the original content. Data masking can be used on existing data and is compliant with regulations and standards. On the downside, masked data cannot be recovered, whereas encrypted data can be recovered with the proper key. Masking can also be a time-consuming process.

7. SDelete

SDelete is a free Microsoft command-line tool that securely deletes files on NTFS-formatted disks by overwriting data. Supported on Windows 10 and higher and Windows Server 2012 and higher, the tool removes data within compressed files and data protected by the Encrypting File System. SDelete complies with the U.S. Department of Defense clearing and sanitizing standard DOD 5220.22-M, which makes sure data deleted with SDelete is gone forever.

Relevant legislation and standards

A variety of established legislation, such as the Sarbanes-Oxley Act and HIPAA, includes strict requirements for data management, and especially for data retention and destruction.

Similarly, standards developed by the ISO, NIST and the Department of Defense address data sanitization. ARMA International, which addresses all aspects of records management, has published guidelines on data sanitization.

Paul Kirvan is an independent consultant, IT auditor, technical writer, editor and educator. He has more than 25 years of experience in business continuity, disaster recovery, security, enterprise risk management, telecom and IT auditing.