
Simplifying Compliance with Auditable Data Erasure

Simplifying Compliance with Auditable Data Erasure. Presented at Data Center World 2012. By Markku Willgren. Why Erase Data? Privacy, Compliance, Sustainability and ROI. When to Erase Data? When equipment ownership changes; to safeguard data migration.





Presentation Transcript


  1. Simplifying Compliance with Auditable Data Erasure Presented at Data Center World 2012 By Markku Willgren

  2. Why Erase Data? • Privacy • Compliance • Sustainability and ROI

  3. When to Erase Data? • When equipment ownership changes • To safeguard data migration • To safeguard component replacement

  4. Enforce Security via Reporting • Erasure results • Uniform reporting for all assets • Audit trail for regulatory compliance • Acts as a release mechanism for end of lifecycle assets • Windows licensing • Computer name, IP address, MAC address, Serial #, etc. • HW configuration • Hardware checking • Custom data fields

  5. Use Cases • RMA drives • EOL Servers • EOL Arrays • Selective Data Erasure

  6. I. Failed Drives for RMA (Problem) • 10,000 HDDs • 40-50 SANs • 3% failure rate • 300 drives/y to replace • Now what? • Ignore your data • Keep the drives • Let OEM manage it • Rent or buy erasure appliance(s)

  7. I. Sample RMA Drive Process (A solution) • Vendor process: ‘Failed’ drive is replaced by vendor break/fix; vendor break/fix accepts sanitized drives for RMA • Chain of Custody: vendor break/fix hands out ‘failed’ drives; ‘failed’ drives are logged in and secured into custody; sanitized drives are released for return to vendor • Erasure Process: failed drives are sanitized; erasure logs are generated and matched to SN# for in-custody inventory
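As an added example (not part of the presentation), the chain-of-custody step above can be enforced by reconciling the erasure logs against the in-custody inventory by serial number, so that a drive is released for return to the vendor only when a passing erasure record exists for it. The CSV data, field names and serial numbers below are constructed for illustration.

```python
"""Chain-of-custody reconciliation for failed drives awaiting RMA (constructed example)."""
import csv
import io
from dataclasses import dataclass

# Constructed sample: drives logged in and secured into custody after the
# vendor break/fix handed them out.
CUSTODY_CSV = """serial,array,received
WD-1A2B3C,SAN-07,2012-03-01
ST-9Z8Y7X,SAN-02,2012-03-02
HG-5M4N3P,SAN-11,2012-03-02
"""

# Constructed sample: erasure logs produced by the erasure appliance.
# ST-9Z8Y7X failed erasure (a "dead drive"); XX-NOTOURS was never logged into custody.
ERASURE_LOG_CSV = """serial,method,result,operator
WD-1A2B3C,NIST 800-88,passed,jsmith
ST-9Z8Y7X,NIST 800-88,failed,jsmith
XX-NOTOURS,DoD 5220.22-M,passed,jsmith
"""


@dataclass
class Reconciliation:
    release: list    # serials in custody with a passing erasure log: cleared for return to vendor
    hold: list       # serials in custody with a failed or missing erasure log: stay in custody
    unmatched: list  # erasure logs for serials that are not in the custody inventory


def reconcile(custody_csv: str, erasure_csv: str) -> Reconciliation:
    """Match erasure logs to the in-custody inventory by serial number."""
    custody = {row["serial"]: row for row in csv.DictReader(io.StringIO(custody_csv))}
    logs: dict = {}
    for row in csv.DictReader(io.StringIO(erasure_csv)):
        logs.setdefault(row["serial"], []).append(row)

    release, hold = [], []
    for serial in sorted(custody):
        # Only a passing erasure log releases a drive; failed or missing logs hold it.
        if any(r["result"] == "passed" for r in logs.get(serial, [])):
            release.append(serial)
        else:
            hold.append(serial)
    # Logs that reference serials outside custody indicate an inventory gap to investigate.
    unmatched = sorted(s for s in logs if s not in custody)
    return Reconciliation(release, hold, unmatched)


if __name__ == "__main__":
    print(reconcile(CUSTODY_CSV, ERASURE_LOG_CSV))
```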

  8. I. Loose Drives Erasure Appliances (Solution) • Need to support FC, SAS/SATA, and SCSI • Change of carrier vs. pigtail design • Ease of use • Portability • Erasure results, drive serial numbers, user info • Return window for OEM • Dead drives?

  9. II. Server Erasure as a System (Problem) • End of service • Technology refresh • End of subscription • Reuse in hosting environment • Data center relocation or consolidation • Secure for transit

  10. II. Server Erasure as a System (Solution) • Access to all areas of the disk • RAID dismantle / pass through • Reporting

  11. III. Enterprise Array Erasure (Solution) • How many hard drives per erasure? • Disable/bypass control units for enabling erasure of all areas of the disk, including protected areas, remapped sectors, and bad sectors • Need a server with HBAs connected to storage to run erasure software

  12. Additional Erasure Needs in the Cloud: Selective Data Erasure for enterprise environments

  13. IV. Erasing LUNs on Live Data Systems

  14. IV. File Level Secure Erase

  15. Who Should Erase, and What?

  16. Erasure Delivery Options • ISO-image burned to CD • ISO-image delivered via PXE • ISO-image(s) stored to USB • ISO-image packed to MSI

  17. Erasure Method Options • HMG Infosec Standard 5, The Baseline Standard • HMG Infosec Standard 5, The Enhanced Standard • Peter Gutmann's algorithm • U.S. Department of Defense Sanitizing (DOD 5220.22-M) • Bruce Schneier's Algorithm • Navy Staff Office Publication (NAVSO P-5239-26) for RLL • The National Computer Security Center (NCSC-TG-025) • Air Force System Security Instruction 5020 • U.S. Army AR380-19 • German Standard BSI/VSITR • OPNAVINST 5239.1A • NSA 130-1 • DoD 5220.22-M ECE • NIST 800-88* • Extended NIST 800-88 * • Firmware based secure erase • Navy Staff Office Publication (NAVSO P-5239-26) - TOP SECRET for SSD • Navy Staff Office Publication (NAVSO P-5239-26) - SECRET or CONFIDENTIAL for SSD • U.S. Department of Defense Sanitizing (DOD 5220.22-M) for SSD

  18. NIST 800-88 vs. DoD 5220.22-M • What is Block Overwrite? • What is Secure Erase? • Security Erase Unit, Enhanced Security Erase Unit, Format Unit, etc. • NIST 800-88 Clear vs. Purge • Purge: Rendering sanitized data unrecoverable by laboratory attack methods • NIST 800-88 examples of acceptable methods • Clear = e.g., 1 pass Block Overwrite is ok • Purge = e.g., 1 pass Secure Erase is ok • For ATA drives: Clear = Purge • What about remapped sectors? • What should you use?

  19. Erasing Solid State Drives (SSDs) • What is the state of the market? • Where is the challenge? • What should you do?

  20. The ERA Concept: ERASE, REPORT, AUDIT • Thank you for your time. Trust but verify! • markku.willgren@blancco.com • (678) 576 8140
