html5-img
1 / 29

THE WORLD’S PREMIER SOLUTION FOR SANITIZING HARD DRIVES PRIOR TO REPURPOSING OR DISPOSAL

THE WORLD’S PREMIER SOLUTION FOR SANITIZING HARD DRIVES PRIOR TO REPURPOSING OR DISPOSAL. DIGITAL SHREDDER. PRODUCT PRESENTATION. PARTNER LOGO. PARTNER CONTACT INFORMATION. CURRENT STATE OF AFFAIRS. Failure to properly sanitize hard drives has catastrophic consequences :.

bell-webb
Télécharger la présentation

THE WORLD’S PREMIER SOLUTION FOR SANITIZING HARD DRIVES PRIOR TO REPURPOSING OR DISPOSAL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE WORLD’S PREMIER SOLUTION FOR SANITIZING HARD DRIVES PRIOR TO REPURPOSING OR DISPOSAL DIGITALSHREDDER PRODUCT PRESENTATION PARTNER LOGO PARTNER CONTACT INFORMATION

  2. CURRENT STATE OF AFFAIRS Failure to properly sanitize hard drives has catastrophic consequences: Civil and criminalpenalties Lost confidence of client base Erosion of income and profits Irreparable harm to reputation

  3. = One gigabyte of data on a hard drive Approximately one dump truck of compacted paper CURRENT STATE OF AFFAIRS 5.6 BillionHard Drive Productionfrom 2001 - 2011 Well Publicized LawsHIPAA, FACTA, SOX, FISMAGramm-Leach-Bliley 600 MillionHard Drives Reachend of life in 2008 Consequences of a BreachFines, Loss of License &Loss of Reputation 2 – 3 RefreshesCan occur during a hard drives lifecycle 69% of Data Breach Costs Are the result of lost customer business 44% OF ALL DATA BREACHES RESULT FROM LOST OR STOLEN HARD DRIVES & LAPTOPS

  4. COST OF DATA BREACH Incident Response INCIDENT RESPONSE ELEMENTS • free or discounted services • free credit checks for five years • lost business • notifications via email, letters, web, media, etc. • legal defense • criminal investigations • legal audit and accounting fees • call center expenses • public relations/communication • internal investigations • security consultants • Average cost per record compromised in 2007: $202 • Average cost per record compromised in 2007 by Third Party: $238 Source: Ponemon Institute

  5. THE HARD DRIVE EPIDEMIC Materials become toxic when incinerated in landfills Rare earth magnets – platters are aluminum coated in iron oxide and other chemicals Mercury & PCB in electronic circuits

  6. Proper sanitization of digital data is much more than a Best Practice Solution, IT’S THE LAW.

  7. USA REGULATORY PENALTY MATRIX

  8. SANITIZING DRIVES: MORE THAN JUST END OF LIFE Storage transfers to a new user Storage transfers to a new server Maintenance Return at end of lease BACK OFFICE COMPUTING: INDIVIDUAL USER NOTEBOOKS AND WORKSTATIONS: • Tech refresh or return at end of lease • Upgrading to a new computer or higher capacity drive • Completion of a new project • Cleaning a workstation for a new user • Departure of an employee from an organization • Returning a hard drive under warranty • Returning a computer under warranty • Protection from unauthorized access • A virus that is detected • Attack from a hacker • Employee turnover

  9. EVOLUTION OF A SOLUTION In the late 1990’s, the international hard drive manufacturing community called a global summit to discuss the rapidlygrowingchallenge of properlysanitizingharddrives.

  10. SOLUTION IS CONCEIVED: SECURE ERASE ATTENDEES: CHALLENGE: Develop a means of sanitizing hard drives beyond forensic reconstruction while retaining the ability to reuse the hard drive. OUTCOME: The Hard Drive Industry collaborated with The Center for Magnetic Recording Research, under the direction of the US National Security Agency (NSA), to meet the challenge. They developed a sanitizationstandard called: SECURE ERASE

  11. SECURE ERASE It is now part of the ATA Rev 4 Spec for all hard drives. A destruction command that is embeddedin thefirmware of ATA hard drives including IDE, EIDA, PATA and SATA. An atomic process - eradicates all user databeyond forensic reconstruction. Up to 18 times faster than ineffective overwrite routines. Compliant, certifiedstandards based technology. Implemented by global hard drive manufacturers in 2002. Validated and certified by the InternationalSecurityCommunity. BIOS and Operating System developers blocked the ability to initiate Secure Erase.

  12. Inthe absence ofan enterprise level Secure Erase solution, billions were spent on products, processes and outsourced solutions that were not effective, scalable or failsafe.

  13. METHODS THAT FALL SHORT Degaussing Machines Commercial Software Third Party Providers Mechanical Destruction • Let’s compare these methods to the • CRITICAL REQUIREMENTS • most often requestedby IT Professionals.

  14. MARKET FEEDBACK Design input from IT Professionals and auditing firms during development • Destroy data beyond forensic reconstruction. • Provide a single-point lifecycle solution that handles all drives • Offercontrolof the process. • Deploy a scalable process providingcorporate-wide compliance. • Give user the ability to verify erasure– “trust but verify.” • Imbed an automated certification process that completes an audit process. • Provide a green solution that allows reformatting and repurposing of hard drives for reuse or the ability to recycle the drive intact.

  15. COMMERCIAL SOFTWARE DESCRIPTION: LIMITATIONS: • Does notdelete data beyond forensic reconstruction • Lack of automated data logging, audit trails or certification labels • Single drive can take more than 24 hours • Ties up workstations for hours • Vulnerable to user manipulation • Replaces existing data with a set of random or repeating data

  16. DEGAUSSING MACHINES DESCRIPTION: LIMITATIONS: • Not a lifecycle management tool – end of life only • Unable to reuse drive, not a green solution • Not “office friendly” • Dangerous high level magnetic fields require special precautions • Destroys read/write head – can not confirm data is deleted • Lack of audit trail or certification labels • Requires constant re-calibrations to ensure proper functionality • Disables hard drive by applying a strong magnetic field • UNSAFE, INCONSISTENT, NOT CERTIFIABLE

  17. MECHANICAL DESTRUCTION DESCRIPTION: LIMITATIONS: • Reduces hard drive into scrap metal or physically disables the media • Includes hammers, nail guns, belt sanders, and mechanical shredders • Not a lifecycle management tool – end of life only • Heavy, bulky and noisy equipment, not “office friendly” • Lack of automated data logging or audit trail • Unable to reuse the drive, Not a green solution, toxic hazards at shredding site and landfill • Encourages stockpiling of drives, a security risk • Not a scalable solution

  18. THIRD PARTY PROVIDERS DESCRIPTION: LIMITATIONS: • Not a lifecycle management tool – end of life only • Loss of care, custody, and control • Storage problems exist between visits • Risk of loss during transit • High service and transportationcosts • Retention of liability - a handoff does not absolve liability • Deploys any of the prior methods • Third Party employs any of the previous methods • The service may be performedon-site, or require that the hard drives be transported to the service provider’s facility

  19. SOLUTION IS BORN: THE DIGITALSHREDDER Width - 8.5” Length - 13” Carrying Handle Height - 12” Touch Screen LED Indicators Printer 1 2 3 Weight – 15lbs 3 Drive Bays Personality Blocks GREEN SOLUTION – ALLOWS REUSE OF HARD DRIVE AFTER CLEANSING!

  20. USER FRIENDLY: NO KEYBOARD OR MOUSE INTEGRATED SCREEN eliminatesthe need for keyboardandmouse, facilitates portability Main Menu History Administrative Login Drive Operations Sector Viewer SECURED ACCESS: Password Protected

  21. USER FRIENDLY: NO CABLES – NO CLUTTER Quick and easy secure connections to various drive formats: Current Support: All ATA drives including IDE, EIDE, PATA and SATA - 2.5” and 3.5” (desktop & laptop drives) Upcoming Support: SCSI, Fiber Channel, SAS, Major Flash Media 3 Bays: multiple drives sanitized simultaneously and independently Lock down enhances security SANITIZE INSERT LOCK DOWN

  22. USER FRIENDLY: LED INDICATORS LED INDICATOR DRIVE STATUS OFF Vacant bay, available for use GREEN Drive is loaded and ready, but no operation is taking place, blinks green when process is completed RED Process is being executed, bay is mechanically locked and passwordprotected ORANGE Reformatting / imaging

  23. BEST PRACTICES: AUTOMATED AUDIT TRAIL • Automated log tracks the following: • Operator’s name • Date and time • Hard drive serial number • Elapsed time • Erasure process PHYSICAL LABEL DIGITAL LOG • Completionof an erasure processresults in the printed bar code labelwhich includes the log entry informationfor the hard drive • Labels can be easily scannedfor error-free, automatedequipmenttracking • AllDigital Shredderactivityisstoredin the internal log file • Log filecan be exported in CSVformatusing the USBport

  24. A CLEAR COMPETITIVE ADVANTAGE

  25. USA GOVERNMENT COMPLIANCE The Digital Shredder Secure Erase appliance meets and/or supports the following Department of Defense or Civilian Government guidelines concerning Information Security Practices: • NSA Information Assurance Advisory – NO. IAA 2006-2004 in Guidance to Designated Approving/Accrediting Authorities (DAA’s) regarding the Use of Software Clearing for Downgrading of Hard Disks • US Deputy Secretary of Defense Memo dated May 29, 2001; Disposition of Unclassified DoD Computer Hard Drives, by Paul Wolfowitz • US National Computer Security Center (NCSC-TG-018); Rainbow Series "Light Blue Book" A Guide to Understanding Object Reuse in Trusted Systems • US National Computer Security Center (NCSC-TG-025); Rainbow Series "Forest Green Book" A Guide to Understanding Data Remanence in Automated Information Systems • US National Institute of Standards and Technology (NIST) SP 800-88Guidelines for Media Sanitization • National Institute of Standards and Technology (NIST) SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems • US Air Force System Security Instructions 5020 • US Army AR380-19, AR25-1, AR25-2 • US Navy Staff Office Publication (NAVSO P-5239-26) • US Navy OPNAVINST 5239.1A

  26. EDT’s VALIDATION PHASE: GOVERNMENT

  27. COMMERCIAL CUSTOMERS • Healthcare • Education • Legal • Financial • Service Providers

  28. CLEAR Commercial Software Level of security: protection against keyboard attack DESTRUCTION United States National Institute for Standards & Technology Special Publication 800-88 Disintegration, Incineration, Pulverizing, or Melting Level of security: protection against laboratory attack PURGE Secure Erase, Degaussers Level of security: protection against laboratory attackSecure Erase is a high level of protection because you can validate the data is gone beyond forensic reconstruction & reuse the hard drive GOVERNMENT COMPLIANCE Australian Department of Defence (AustralianCommunications – Electronic Security Instruction ACSI33) Royal Canadian Mounted Police Lead Agency Publication B2-001 UK-HMG Infosec Standard 5 {IS5} & CESG Information Assurance Manuel S

  29. DIGITALSHREDDER The World’s Premier Solution for Sanitizing Hard Drives Prior to Repurposing or Disposal.

More Related