Most Disk Overwriting Software May Compromise Data Security
by Lynette Reichenvater and Stanislav Semakin
Information is the engine of an organization and is undoubtedly a powerful asset but it can also threaten an organization's existence if it falls into the wrong hands. In this advanced technological age, virtually every organization is fully reliant on information technology assets in their day-to-day operations. Large volumes of confidential data such as trade secrets, financial statements and client data are stored on PCs, posing a significant security threat. A single improperly discarded hard drive or PC could have severe consequences if proper measures are not taken to prevent the unauthorized disclosure of confidential corporate data.
The plague of identity theft and the overwhelming number of government regulations and industry standards governing the destruction of data have forced organizations to re-evaluate their data security policy. Failure to adhere to stringent security requirements could result in negative publicity, expensive lawsuits, loss in consumer confidence or even jail time, all of which could hinder a company's success.
Almost all organizations have adequate security policies for the disposal of confidential physical documents, yet the same level of security is not applied when disposing of electronic data, even though the nature of the data may be the same as that on paper. With millions of PCs being upgraded every year, retired PCs are still being discarded with confidential corporate data still stored on them. Most security officers are well aware of the business risks and potential legal liabilities associated with the improper disposal of confidential data yet many organizations still do not have adequate data security policies in place.
Discarded PCs and servers are significant security risks. Chief Security Officers may be convinced that they have a tight data security policy in place but there may be significant flaws beneath the surface. While having a security policy concerning the destruction of electronic data is imperative, successful implementation of the policy is the key to yielding successful results.
Reasons for Concern
Widely available disk overwriting software is one of the main reasons why data leaks continue to occur. Many corporate IT departments use these disk overwriting software tools to mitigate potential business risks and legal liabilities but these tools may have significant drawbacks which could compromise an organization's security.
According to a memorandum issued by the United States Department of Defense (DoD) in May 2001, overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process:
- The ability to purge all data or information, including the operating system (OS), from the physical or virtual drives, thereby making it impossible to recover any meaningful data by keyboard or laboratory attack.
- A compatibility with, or capability to run independent of, the OS loaded on the drive.
- A compatibility with, or capability to run independent of, the type of hard drive being sanitized (e.g., Advanced Technology Attachment (ATA)/Integrated Drive Electronics (IDE) or Small Computer System Interface (SCSI) type hard drives).
- A capability to overwrite the entire hard disk drive independent of any Basic Input/Output System (BIOS) or firmware capacity limitation that the system may have.
- A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.
- A method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern.
Although not mandatory, selected software should also:
- Provide the user with a validation certificate indicating that the overwriting procedure was completed properly.
- Provide a defects log list, or listing of any bad sectors, that could not be overwritten by the software.
Hardware manufacturers often limit the use of the hard drive space for several reasons. In some cases the hard drive space is limited in order to ensure better usability, while in other cases the limitations are related to performance. For example, part of the hard drive space might be protected or locked because the operating system's recovery partition is located in that area. Remapped sectors are another example: the drive keeps spare sectors in reserve and maps them in only when sectors in the normally used area become damaged. Other hard drive features that prevent access to the entire physical hard drive surface are:
- Host Protected Area (HPA)
- Device Configuration Overlay (DCO)
- Metadata in Redundant Array of Independent Disks (RAID) configurations
Disk overwriting tools that are unable to access the entire hard disk perform an incomplete erasure, leaving some of the data intact, thus compromising security. In order to eliminate the risk of incomplete erasure, an overwriting tool that is able to access all areas on the hard drive is imperative.
An organization's confidential data is also at risk of falling into the wrong hands if the disk overwriting software being used operates through the BIOS. The BIOS settings define which peripherals are in use and the parameters (operating environment) assigned to those devices. One of these devices is the hard drive, which can be activated for use and configured to have a limited storage capacity. Most disk overwriting tools take the hard disk size from the BIOS, which reports the configured size rather than the physical size. These overwriting tools will not always perform a complete erasure when the BIOS data is altered or corrupted, and they may report a complete and successful erasure even though they were unable to access the entire hard disk. This leads organizations to believe that all of the data has been completely destroyed, providing a false sense of security. A safe and effective overwriting tool bypasses the BIOS and OS, detects the correct size of the hard drive itself, and thus wipes the entire disk clean.
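The capacity problem described above is easy to see with a small model. The following is an added example, not code from the article or from Blancco: it simulates an ATA drive whose physical capacity exceeds what the BIOS and the IDENTIFY DEVICE response expose (a Host Protected Area hides the tail of the disk), and compares a wipe sized from the BIOS-reported capacity with a wipe sized from the drive's native maximum. The drive geometry, the fill byte and the `ToyAtaDrive` class are constructed for illustration; on real Linux hardware the two sector counts correspond to the "current" and "native" values that `hdparm -N /dev/sdX` prints, and `hdparm --dco-identify` shows the DCO-limited real maximum.

```python
# Added example (not from the article): a toy ATA drive with a Host Protected
# Area, showing why a wipe sized from the BIOS/IDENTIFY capacity leaves data
# behind while a wipe sized from the native maximum address does not.
# All geometry values and the fill pattern are constructed.
SECTOR = 512
ZERO_PATTERN = b"\x00" * SECTOR


class ToyAtaDrive:
    """Simulated drive. native_max is the real last LBA + 1; an HPA of
    hpa_sectors makes IDENTIFY DEVICE (and therefore the BIOS) report
    only native_max - hpa_sectors sectors."""

    def __init__(self, native_max, hpa_sectors, fill=b"\xAA"):
        assert 0 <= hpa_sectors < native_max
        self.native_max = native_max
        self.identify_max = native_max - hpa_sectors   # what BIOS/OS see
        # Every physical sector starts out holding user data.
        self.image = bytearray(fill * (SECTOR * native_max))

    def write(self, lba, data):
        """Raw sector write; the model allows the tool to address the whole
        medium, as a tool that has temporarily lifted the HPA could."""
        assert len(data) == SECTOR and 0 <= lba < self.native_max
        self.image[lba * SECTOR:(lba + 1) * SECTOR] = data

    def residual_sectors(self, pattern=ZERO_PATTERN):
        """LBAs on the whole physical medium that still differ from the
        pattern, i.e. what a laboratory read of the platters would recover."""
        return [lba for lba in range(self.native_max)
                if self.image[lba * SECTOR:(lba + 1) * SECTOR] != pattern]


def overwrite(drive, sector_count, pattern=ZERO_PATTERN):
    """Overwrite sectors [0, sector_count) once the tool has decided how
    large the drive is. Returns the number of sectors written."""
    for lba in range(sector_count):
        drive.write(lba, pattern)
    return sector_count


def wipe_trusting_bios(drive):
    """Tool that takes the size from the BIOS/IDENTIFY value: misses the HPA."""
    overwrite(drive, drive.identify_max)
    return drive.residual_sectors()


def wipe_using_native_max(drive):
    """Tool that reads the native maximum address directly and wipes it all."""
    overwrite(drive, drive.native_max)
    return drive.residual_sectors()


if __name__ == "__main__":
    d = ToyAtaDrive(native_max=1000, hpa_sectors=16)
    print("BIOS-sized wipe left sectors:", wipe_trusting_bios(d))
    d = ToyAtaDrive(native_max=1000, hpa_sectors=16)
    print("native-max wipe left sectors:", wipe_using_native_max(d))
```

The residual list from the BIOS-sized wipe is exactly the hidden HPA range, which is the area a forensic read of the raw medium would still recover; the same model applies to a DCO-limited capacity, with the DCO maximum taking the place of the native maximum.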
In server machines the hardware plays an important role in offering rapid functionality and allowing large volumes of data to be stored. Unfortunately, good performance and large data storage capacity also pose significant security risks. Complex hardware configurations limit the visibility of the complete data storage area and prevent the direct erasure of the entire hard drive surface. Before the actual sanitization process, the hardware configuration must be dismantled into smaller pieces in order to gain direct access to the hard drives. This is common in RAID configurations, which are widely used in data backup solutions. Very often widely used disk overwriting tools are unable to perform a simultaneous erasure of multiple drives in servers. The few that can are unable to dismantle the RAID controller, which again is a security issue. If the drives cannot be controlled directly, they cannot be completely overwritten, as the RAID controller always reserves parts of the disk space for itself. Cleaning the hard drives in a RAID configuration without first dismantling the controller has the same effect as accessing a PC hard drive through its BIOS. Using a software tool that dismantles the RAID controller ensures that all the drives in the RAID array are completely wiped clean.
An effective overwriting software tool should be able to support a variety of drives. Reliable and extensive hardware support ensures that the majority of hard drives are detected automatically thus minimizing human error. Extensive hardware support also enables an organization to use a single data destruction solution for all PCs/laptops/servers. As most widely available disk overwriting tools do not support a variety of hard drives, they are a partial solution at best.
Importance of Reporting
As daunting as data destruction may seem, organizations need not despair. Acknowledging the security risks is the first step in implementing a tight security policy for protecting corporate data. Utilizing government-certified solutions that have been tested and approved will increase data security and reliability.
Prior to use, an organization should test the software in order to confirm its effectiveness.
Having a data security policy in place that addresses the security risks concerning the destruction of electronic data is imperative. Security policies are now heavily influenced not only by industry regulations but also by state level legislation, with regard to information security and confidentiality. While the destruction of data is an essential part of a security policy, data destruction alone is not sufficient to ensure compliance with government requirements. Equally important to the destruction of data is the reporting of the process. An organization must be able to prove that careful steps were taken to ensure that all confidential data was destroyed in a responsible manner.
The data destruction process becomes futile if it cannot be verified afterwards. Reporting and logging are essential to the successful implementation of a data security policy. From an auditor's perspective, as important as the policy may be, the most significant proof that the policy has been followed is the audit trail. The audit trail is a crucial factor in proving that an organization has complied with government regulations, as it provides detailed information on how confidential data has been destroyed, when it was destroyed and who carried out the erasure. The erasure report should also list the damaged sectors detected on the hard drive and any other malfunctions. If features or malfunctions inhibit the complete erasure of the hard drive, the drive should be physically destroyed in order to mitigate risks and ensure security. Disk overwriting software that generates a detailed data erasure report will take an organization a long way towards meeting compliance requirements and ensuring tight security.
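The verification requirement from the DoD list (read back the whole drive and confirm the overwrite pattern) and the reporting requirements in this section fit together in one pass. The following is an added example, not code from the article or from any vendor: `verify_overwrite` reads every sector back through a caller-supplied `read_sector` function and separates sectors that still hold non-pattern data from sectors the drive could not read, and `build_report` turns the result into an audit record naming the drive, the operator, the time, the overwrite method, the defects log and the disposition (release or physical destruction). The sector image, the serial number, the operator identifier, the skipped sector and the unreadable sector in `constructed_demo` are all constructed; `seal_report` adds a digest over the record so later alteration of the audit trail is detectable.

```python
# Added example (not from the article): post-overwrite verification and an
# erasure report for the audit trail. The drive image, serial number,
# operator and fault sectors used in constructed_demo() are constructed.
import hashlib
import json
from datetime import datetime, timezone

SECTOR_SIZE = 512


class SectorReadError(IOError):
    """Raised by read_sector when the drive cannot return a sector."""


def verify_overwrite(read_sector, sector_count, pattern):
    """Read back every sector. Returns (not_overwritten, unreadable):
    LBAs whose contents differ from the pattern, and LBAs that failed to
    read (these belong in the defects log)."""
    not_overwritten, unreadable = [], []
    for lba in range(sector_count):
        try:
            data = read_sector(lba)
        except SectorReadError:
            unreadable.append(lba)
            continue
        if data != pattern:
            not_overwritten.append(lba)
    return not_overwritten, unreadable


def build_report(drive_serial, operator_id, method, sector_count, pattern,
                 not_overwritten, unreadable, when=None):
    """Audit record: what was erased, how, when, by whom, and what failed.
    A drive is only 'complete' when every sector was read back and matched."""
    when = when or datetime.now(timezone.utc)
    complete = not not_overwritten and not unreadable
    return {
        "drive_serial": drive_serial,
        "operator": operator_id,
        "timestamp": when.isoformat(),
        "method": method,
        "sectors_total": sector_count,
        "sectors_verified": sector_count - len(unreadable),
        "pattern_sha256": hashlib.sha256(pattern).hexdigest(),
        "defects": sorted(unreadable),            # bad-sector log
        "not_overwritten": sorted(not_overwritten),
        "result": "complete" if complete else "incomplete",
        "disposition": "release" if complete else "physically destroy",
    }


def seal_report(report):
    """Digest over the canonical JSON form, so the stored record can be
    checked for tampering later (an assumption of this example, not a
    standard format)."""
    canonical = json.dumps(report, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def constructed_demo():
    """Constructed drive: 64 sectors, one the tool silently skipped (LBA 40)
    and one the drive refuses to read (LBA 17)."""
    sector_count = 64
    pattern = b"\x00" * SECTOR_SIZE
    image = bytearray(pattern * sector_count)
    image[40 * SECTOR_SIZE:41 * SECTOR_SIZE] = b"\x55" * SECTOR_SIZE
    unreadable_lbas = {17}

    def read_sector(lba):
        if lba in unreadable_lbas:
            raise SectorReadError(lba)
        return bytes(image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE])

    not_overwritten, unreadable = verify_overwrite(read_sector, sector_count, pattern)
    return build_report("SERIAL-CONSTRUCTED-0001", "operator-constructed",
                        "three-cycle overwrite (constructed)", sector_count,
                        pattern, not_overwritten, unreadable)


if __name__ == "__main__":
    rep = constructed_demo()
    print(json.dumps(rep, indent=2))
    print("seal:", seal_report(rep))
```

Any sector in `defects` or `not_overwritten` makes the result "incomplete" and the disposition "physically destroy", which is the decision rule the section describes; storing the seal separately from the report gives an auditor a way to confirm the record was not edited after the fact.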
The number of data leaks that occur is evidence that proper measures are not being taken to completely mitigate the risk. Safeguarding corporate data should be a top priority and security should never be compromised. Utilizing safe and secure disk overwriting software is a sure way to prevent data from falling into the wrong hands. The consequences of unauthorized disclosure of confidential corporate data could be damaging, and organizations owe it to themselves to ensure maximum security.
United States Department of Defense (2001, May). Memorandum: Disposition of unclassified DoD computer hard drives.
About the Authors
Lynette Reichenvater, PR Coordinator at Blancco Ltd., focuses on researching industry trends in the field of data security. She received her Bachelor of Commerce degree from the University of KwaZulu - Natal, South Africa. She can be reached at firstname.lastname@example.org.
Stanislav Semakin, Software Engineer at Blancco Ltd., focuses his attention on contemporary storage and network technologies, operating systems and computer graphics. He has been designing secure disk overwriting software for the past three years. He received his Master of Science degree from the University of Joensuu, Finland. He can be reached at email@example.com.