03 May 2021 Tips and Tricks
Why is it important to understand the difference between data destruction and data erasure?
The option to leave your cellphone with or without a lock screen PIN code is a thought rarely pondered by most smartphone users. It is a no-brainer for any individual, since privacy is a top priority when it comes to protecting sensitive data (contacts, payment history, financing apps, location services, and more) that could potentially harm them if it falls into the wrong hands. Apply the same concern to an organization or business, and the magnitude of the risk skyrockets.
This is not just paranoia but an actual concern. To put things into perspective, an entire school district in the United States was a victim of ransomware attacks that led to all schools being shut down in the year 2020. Data must either be actively secured while it is in use or be destroyed once it is no longer of use and has become a potential liability for the owner.
Data destruction and data erasure processes come into effect when the target data is no longer of use and has become a potential liability for the owner. Like any process, both routes have their pros and cons.
Data destruction processes either physically destroy the media containing the target data or render it useless for access. This method guarantees the highest probability of the data being irrecoverable and inaccessible, but it also leaves the device incapable of being used again, warrantied or recycled. Some of the prominent methods are:
- Data Shredding: The physical destruction of the target data media in an industrial-size grinder that breaks it down into fragments of 2 millimeters or less. Note that some probability of accessing the destroyed data remains: on drives such as solid-state drives (SSDs), data is stored so densely that it can remain intact in shredded fragments.
- Degaussing: The removal or reduction of the magnetic field of a storage disk or drive. Degausser devices render the data on the media completely unrecoverable.
Data erasure is a term used interchangeably with data sanitization. This method of eliminating liability data ensures that the target data is destroyed or completely unrecoverable while keeping the target data's media intact. Methods for data sanitization are:
- Data Erasure: Applies software that writes random binary data over the media, ensuring that all the data has been replaced at the byte level.
- Cryptographic Erasure: Uses public-key cryptography to encrypt all the data on the device; the key is then discarded, effectively erasing all data on the media.
- Data Masking: Involves creating fake versions of the data, which retain structural properties of the original data. This method ensures the sanitization of data while the media is still in use.
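One way to implement the data masking described above, as an added example that is not from the original article: each digit and letter is replaced by a keyed pseudo-random character of the same class, so length, separators and format survive. The key, field names and sample record are constructed for illustration.

```python
import hashlib
import hmac
import string

# Hypothetical masking key; assumed to be stored apart from the masked data set.
MASK_KEY = b"constructed-demo-key"

def _keystream(key: bytes, field: str, value: str):
    """Yield pseudo-random bytes derived from the key, field name and value."""
    counter = 0
    while True:
        msg = f"{field}\x00{value}\x00{counter}".encode()
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1

def mask_value(key: bytes, field: str, value: str) -> str:
    """Swap digits for digits and letters for letters of the same case.
    Same key and input give the same output, so masked tables still join."""
    stream = _keystream(key, field, value)
    out = []
    for ch in value:
        if ch in string.digits:
            out.append(string.digits[next(stream) % 10])
        elif ch in string.ascii_lowercase:
            out.append(string.ascii_lowercase[next(stream) % 26])
        elif ch in string.ascii_uppercase:
            out.append(string.ascii_uppercase[next(stream) % 26])
        else:
            # Separators stay in place; non-ASCII text also passes through
            # unchanged here and would need its own handling.
            out.append(ch)
    return "".join(out)

def shape(value: str) -> str:
    """Reduce a value to its structure: 9 = digit, a/A = letter, rest kept."""
    return "".join(
        "9" if c in string.digits else
        "a" if c in string.ascii_lowercase else
        "A" if c in string.ascii_uppercase else c
        for c in value)

def mask_record(key: bytes, record: dict) -> dict:
    return {field: mask_value(key, field, v) for field, v in record.items()}

# Constructed sample record, not real customer data.
SAMPLE = {"name": "Jane Doe", "phone": "+1 555-0100", "card": "4111-1111-1111-1111"}

if __name__ == "__main__":
    for field, masked in mask_record(MASK_KEY, SAMPLE).items():
        print(f"{field}: {SAMPLE[field]} -> {masked}  [{shape(masked)}]")
```

Comparing `shape()` of the original and masked values is a quick check that a masking job kept the format that downstream applications and test suites expect.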
With a brief understanding of both methods of securing data that is a liability to its owner, the importance of having both options becomes clear. While physical data destruction has a higher probability of making the data inaccessible, it renders the media useless, making it suitable only to be trashed or recycled. Physical data destruction can be costly, depending on which method is used. Degaussers are expensive devices, and if the target data is stored on multiple units, shredding becomes a tedious process that can also present multiple risks along the way. Data erasure methods are more costly than data destruction methods but make up for their cost by making the media usable again. Erasure is also a double-edged sword: data erasure methods are 100% effective, but they can only be applied to devices that are in working condition and compatible with the software being used. The decision on which method to use depends mainly on what is to be done with the media holding the target data. To destroy or not to destroy: that is the final question.