Data Destruction

---

On-prem Methods

• Physical Destruction of Media
  • can destroy data by burning, melting, impact, or industrial shredding
  • often a preferred method of sanitization
• Degaussing
  • involves applying strong magnetic fields to hardware and media where data resides, effectively making them blank
  • does not work with SSDs
• Overwriting
  • allows data to be destroyed while leaving the media intact
  • good for media reuse
  • uses multiple passes of random characters written to the location where data resides
  • can be time consuming for large devices
  • only works for HDDs
• Crypto-shredding (Cryptographic erasure)
  • involves
    • encrypting the data with a strong encryption engine
    • then encrypting the keys with a different encryption
    • then destroying the resultant keys

Cloud Data Destruction

• in the cloud, these options may not be feasible
• in SaaS and PaaS, data destruction can be approached only through contractual agreements
• crypto-shredding is the only pragmatic option for data disposal in the cloud
  • speed is a significant obstacle

Data Destruction Policy

• Create a policy for data disposal that includes:
  • process for data disposal
  • applicable regulations
  • clear direction of when data should be destroyed