Disk Encryption and Cryptographic Key Erasure

Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. Encryption has become a popular way to secure data both when it is being transferred and when it is at rest (stored on disk). Most modern hard drives and solid state drives offer encryption either natively (as part of the hardware solution) or using disk encryption software.

There are different levels of sophistication in encryption, but all encrypted data can be unlocked with the corresponding key. With current decryption technologies, losing or erasing the key makes the data effectively unrecoverable, and as a result, some organizations’ IT staffs are relying on key erasure (crypto erase) to protect data on drives that are being retired. While crypto erasure is quick and encrypted data may seem inaccessible after a crypto erase is performed, it should never be considered “sanitized.” Here are some of the weaknesses of crypto erasure:

  • Data Persistence
  • Password Weakness
  • Encryption Algorithm Weakness
  • Decryption Technology Progress
  • Software Error
  • Human Error
  • Procedural Difficulty
  • Reporting

Data Erasure by Drive Wiping

Simply deleting the encryption key on a self-encrypting drive (SED) is insufficient to provide complete protection for the data on discarded drives. If the data is still there, even in encrypted form, it remains vulnerable.

A more secure way to protect sensitive data during hardware disposition is to overwrite every sector on the drive. There are various patterns and standards for wiping drives, but they all basically achieve the same thing—storing new, meaningless values in every drive sector removes the old, sensitive data and makes it impossible to read.

Data erasure by hard drive or SSD wiping is the best way to ensure the data has been sanitized without destroying the hard drive.
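The overwrite described above is only useful if a read-back pass confirms that every sector now holds the new value. The following is an added example, not WipeDrive's code or process: it overwrites and then verifies a constructed, file-backed disk image, and the function names, the 512-byte sector size and the zero pattern are assumptions made for illustration.

```python
import os
import tempfile

SECTOR_SIZE = 512  # assumed logical sector size for this example


def overwrite_sectors(path, pattern=b"\x00", sector_size=SECTOR_SIZE):
    """Overwrite every sector of the image at `path`; return sectors written."""
    size = os.path.getsize(path)
    if size % sector_size:
        raise ValueError("image size is not a whole number of sectors")
    block = (pattern * sector_size)[:sector_size]
    with open(path, "r+b") as dev:
        for _ in range(size // sector_size):
            dev.write(block)
        dev.flush()
        os.fsync(dev.fileno())  # push the writes out of the OS cache
    return size // sector_size


def verify_sectors(path, pattern=b"\x00", sector_size=SECTOR_SIZE):
    """Read back every sector; return indices that do not hold the pattern."""
    block = (pattern * sector_size)[:sector_size]
    bad = []
    with open(path, "rb") as dev:
        index = 0
        while True:
            data = dev.read(sector_size)
            if not data:
                break
            if data != block:  # a short or stale sector is reported too
                bad.append(index)
            index += 1
    return bad


def make_sample_image(sectors=64):
    """Constructed sample: an image filled with ciphertext-like random bytes."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(sectors * SECTOR_SIZE))
    return path


if __name__ == "__main__":
    img = make_sample_image()
    print("sectors not wiped before:", len(verify_sectors(img)))
    print("sectors written:", overwrite_sectors(img))
    print("sectors not wiped after:", verify_sectors(img))
    os.remove(img)
```

The list returned by `verify_sectors` is the evidence for a sanitization record: an empty list means every sector read back as the overwrite pattern, and any index in it identifies a sector that still holds old data.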

Combined Crypto Erase and Data Erasure

A key best practice for data sanitization is redundancy at each level, including methods of data erasure or destruction, multiple levels of data security (such as encryption), and multiple reviews of processes to ensure compliance. If a secure data erasure tool worked in tandem with cryptographic erase, it would provide an added layer of protection to the data sanitization process.

WhiteCanyon’s WipeDrive data erasure software employs a patented process to both replace encryption keys and wipe all data on the disk.

Benefits of WipeDrive’s Patented Process

By resetting the encryption key and then wiping the data, WipeDrive realizes the following benefits:

  • Rapid, Redundant Data Protection Process
  • Total Data Removal
  • Security
  • Reduction of Human Error
  • Ease of Use
  • Reporting

Summary

Encryption is extremely useful for keeping data safe while the drive is in your organization’s control, but it has weaknesses after drive disposal. Learn more by reading our report about using WipeDrive to both crypto erase and wipe your drives.
