This article can also be found in the Premium Editorial Download "Storage magazine: Is storage virtualization ready for the masses?"
Building a data deletion policy
In a large corporation, who should be in charge of when and how data gets deleted? Data recovery experts say no hard and fast rules exist as to who takes on this responsibility, but all agree that someone needs to act as the central point person.
"It's amazing that most large companies have procedures in place for backing up data, but when PCs get to the end of their life, there's nothing that governs how to get rid of the data," says Jim Reinert, director of business development for Ontrack Data International Inc., Eden Prairie, MN.
Experts say there are several key components of an effective data deletion policy. First, the company needs to decide what its objectives are for keeping track of data, based on the regulations of its particular industry. "Some data needs to be permanently kept, some permanently deleted," says Reinert. The rules are especially tricky for government contractors that often can find themselves with a mix of both classified and unclassified documents. For them, a rules-based archival system may be necessary to track files based on key words, the people who created the files or the particular project that's associated with the information.
An especially difficult form of information to keep track of is e-mail. "E-mail can be stored everywhere - at an employee's home office; on a Web-based mail account," says Michael R. Overly, a partner in the e-business and information technology group of the Los Angeles, CA, law firm of Foley & Lardner. One client discovered an employee sold a home computer at a yard sale before deleting the log-in information to the corporate network.
Some companies may opt for policies that call for regular cleansing of e-mails and other data to try to limit their financial liabilities from a lawsuit. "If you're sued, it can be extremely expensive to respond to a discovery request," says Overly, especially if relevant information is stored on the hundreds of thousands of PCs that may exist throughout a large company. For that reason, many corporations discourage employees from copying e-mail messages off of central communications servers and onto local hard drives, which can multiply the costs of litigation should the company ever be sued.
According to Gutmann, data recovery experts can reconstruct blocks of overwritten data by interpreting these patterns. "Deviations in the position of the drive head from the original track may leave significant portions of the previous data along the track edge relatively untouched," he has written. And sensitive data left lurking under overwritten files isn't the only point of vulnerability. Nuggets of critical information can also exist in temporary files created by an operating system or in cache memory.
Techniques and tools
How can a security-conscious company cope with hidden data? One way to thwart probing microscopic eyes is to systematically overwrite the entire surface of a storage medium with a random collection of ones and zeros. However, to account for the inaccuracies in how tracks are overlaid on top of each other, security agencies within the U.S. government recommend overwriting a surface several times. Somewhat more extreme, Gutmann recommends overwriting platters at least 35 times, eight times with random data and the remainder with an intricate series of ones-and-zeros patterns. Gutmann says his overwriting strategy centers on changing a hard disk's magnetic domain several times while not writing the same data pattern twice in a row.
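The multi-pass scheme described above, as an added Python sketch (not code from the article or from Gutmann's paper): it builds a 35-pass schedule with eight random passes and enforces the rule that no fixed pattern is written twice in a row. The pattern list, the split of random passes between start and end, and the names `build_schedule`, `overwrite` and `demo` are assumptions made for illustration.

```python
import os
import secrets
import tempfile

# Illustrative fixed patterns (an assumption, not Gutmann's published table).
PATTERNS = [b"\x55", b"\xaa", b"\x92\x49\x24", b"\x49\x24\x92", b"\x00", b"\xff"]
CHUNK = 1 << 20  # write 1 MiB at a time so large targets need not fit in RAM

def build_schedule(total=35, random_passes=8):
    """List of passes: None = random data, bytes = repeating fixed pattern.
    Splitting the random passes between start and end is an assumption."""
    lead = random_passes // 2
    fixed = [PATTERNS[i % len(PATTERNS)] for i in range(total - random_passes)]
    return [None] * lead + fixed + [None] * (random_passes - lead)

def overwrite(path, schedule):
    """Overwrite the file in place once per pass; return the passes written."""
    size = os.path.getsize(path)
    previous = None
    with open(path, "r+b") as f:
        for pattern in schedule:
            # Rule from the text: never the same data pattern twice in a row.
            if pattern is not None and pattern == previous:
                raise ValueError("same pattern on consecutive passes")
            f.seek(0)
            for start in range(0, size, CHUNK):
                n = min(CHUNK, size - start)
                if pattern is None:
                    block = secrets.token_bytes(n)
                else:  # keep the pattern phase continuous across chunks
                    off = start % len(pattern)
                    block = (pattern * (n // len(pattern) + 2))[off:off + n]
                f.write(block)
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
            previous = pattern
    return len(schedule)

def demo():
    """Run the schedule over a constructed temp file standing in for a drive."""
    marker = b"CONSTRUCTED-SAMPLE-RECORD-0001"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * 200)
    passes = overwrite(tmp.name, build_schedule())
    with open(tmp.name, "rb") as f:
        data = f.read()
    os.unlink(tmp.name)
    return passes, len(data), marker in data
```

The sketch works on a regular file or disk image. A file-level overwrite does not reach the temporary files and cache copies the article mentions, nor blocks the filesystem has relocated, so whole-drive sanitization has to cover the entire medium.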
Not everyone, however, feels that this degree of overwriting is necessary. Ontrack's Reinert acknowledges that while disk-drive forensics using scanning tunneling microscopy (STM) and magnetic force microscopy (MFM) are theoretically possible, the practical reality is that companies can achieve acceptable security through less severe means. "Lab studies show traces of data are left even after an overwrite, and this residual data can still be seen with lab equipment. But I've never found a case yet where a commercial recovery solution was able to recover that data."
Data recovery companies, often the same ones that degauss storage tapes, also offer overwriting services to cleanse hard drives. Ontrack's DataEraser Professional Edition overwrites each drive sector to return the device to the blank condition it was in when it originally left the factory. The software is licensed on a per-drive basis starting at $500 for 50 drives, or about $10 each. Other commercial products include CyberScrub, from the company of the same name, and QuickWiper from AKS-Labs.
Of course, more options exist to keep probing eyes away from data saved to hard drives. While software exists to help in the data cleansing effort, some experts wonder if we've reached a price threshold in hard drive technology that makes disk cleansing more trouble than it's worth. Given the declining costs of hard drives vs. the potential damages from having data fall into the wrong hands, has destroying an old disk drive become a more prudent security measure than recycling it to another department or to a local charity? For Gutmann, the answer is yes. But he adds: "It's hard to convince the bean counters to destroy still-functioning gear until data that rises from the dead becomes even more costly."
This was first published in June 2002