Why should I Wipe Encrypted Drives?
We are going to talk to you about the need to wipe drives that are encrypted at the end of life. It's a question that we get all the time. If I have drives that have a software or hardware level encryption, is it necessary for me to go through and actually do a wipe before it leaves my organization? Well, the answer is a clear yes.
And we're going to go through some of the reasons why that is. And some of these are going to be more likely than others. But all of them are actual risks.
If you have any questions about this, please feel free to reach out to us at firstname.lastname@example.org
Why you would want to incorporate a wipe into your end of life process?
First off is that the data may not actually be encrypted. If you're not certain that 100% of your data is encrypted, 100% of the time. If you got a mix of devices, some of them are encrypted. Some of them are mobile devices, laptops, desktops, servers. Unless you're certain, then that is a risk.
Second off is that encryption can sometimes be shared across devices. In particular when you're dealing with RAID arrays. So if you've got a RAID that's encrypted and you have a drive that's taken out of it, it is possible that that encryption key is stored elsewhere and could be then used to to decrypt the drive at a later point
Third off would be backdoor access to the drive. Especially if you're dealing with encryption software as opposed to a hardware level encryption. So it's possible that these drives have some type of backdoor, whether it's designed by the software itself or if it's designed by law enforcement, that's always a risk.
Fourth is going to be brute force attacks. Encryption is always expanding and becoming more difficult to crack, but computers are also getting more powerful. And brute force attacks are always possible in the future, in particular, where computing power has gotten greater. And if you've got a drive that has left your organization, then four years from now someone tries to brute force that encryption key. It's possible that they could crack it.
Fifth off would be the DCO / HPA / wear leveling areas. So sometimes these devices will not have these pieces encrypted. DCO's, HPAs, these are hidden partitions. Wear leveling areas are used when SSD are trying to prolong their lifespan. So these areas could pose a risk if someone did a laboratory type attack on these drives and this information was not encrypted or this information was exposed in some way.
The next point would be just that the audit report is far more secure. One of the key things that we do here at WhiteCanyon is we're giving you this audit report that details everything about the process itself. The when the wipe stated, when it stopped the unique identifiers like the Mac address, drive serial numbers, all the other configuration specifics. Who did it? This audit report is your proof that you did what you said you were going to do. And if you ever have to justify what you've done, whether that's in a court setting or any type of legal setting or to show that you're in compliance with some regulatory requirements, that audit report is your golden ticket.
And then the last point would be just that this is seatbelts and airbags. Encryption is incredibly important and very powerful. If it's used correctly. WipeDrive makes sure that no one could ever forensically recover any of the bits from that drive and try and crack them or try and go around the encryption in any way. So they mutually enforce each other.