Data Vulnerability: Stages and Protections
When there is a weakness or error in a system’s code that could be exploited by a cyber-attack, it is known as a data vulnerability. An exploited vulnerability can allow attackers to steal confidential data, install malware, run code, and render devices disabled. Despite a global effort to prevent data theft, cyber-attacks are becoming more frequent and many organizations are easy targets without even realizing it.
NIST 800.53 Media Sanitization
The evolution of media storage and use in organizations has grown exponentially and will continue to be a component of federal information systems. Media storage is low cost, easy to transfer data and is the backbone of most systems. It has many vulnerabilities, as well, which has necessitated recommendations for which sanitization methods to employ and when sanitization should be performed.
Erasing Devices With NIST 800.88r1 Overwrite Pattern
As stated in the NIST 800:88r1 “The modern storage environment is rapidly evolving.” This constant and sometime drastic changes is causing major data management issues unless organizations properly align their policies with current guidelines.
DoD 5220.22-M Relevancy & The Evolution Of Wipe Standards
Changes in technology and data storage devices have forced the DoD 5220.22-M erasure standard to be re-evaluated. The following document discusses the DoD 5220.22-M deletion standard, its efficacy today and discover what organizations are using for their proven wipe method.
Checklist - Keeping Data Secure
Protecting your proprietary data and sensitive financial or customer data is an ever changing challenge for businesses. Protecting that information from network setup and acquisition to secure data destruction requires planning and vigilant attention to data security.
Protect Corporate Data Through Lifecycle
By allowing these protected data types to be improperly accessed or stolen, a corporation might be legally liable for having “breached their duty of care” to protect corporate data and destroy it properly. This makes prevention through network security and strict data management protocols an important part of your corporate strategy.
Common Criteria EAL 2+: Why Is Certification Important
There is a significant difference between software claiming to comply with standards and the software tools receiving certifying compliance. We don't believe our customers should have to verify that WipeDrive does what we claim, so we have received Common Criteria certification at EAL2+.
7 Security Gaps You May Have Missed
Disposal of drives and other data-bearing hardware is a necessary but often neglected part of every organization's IT lifecycle. However, many companies skim over this process and leave potential gaps that can be exploited. Fortunately, these gaps are easy to fix with a little awareness and the right tools. This whitepaper explores seven commonly missed security gaps when retiring their drives and resolutions.
Software Distribution Methods 101: WipeDrive
When it comes to software distribution methods, you have a wide array of options you can utilize, from CDs, DVDs, and Blu-ray discs to USB drives, the Cloud, and a PXE network. There are key differences with each method that will determine how much interaction is required by the IT technician or person responsible for installing the software application onto the device.
Physical Destruction Of Data
The hardware assets leaving your organization can be a security risk – even after they're discarded. Cyber criminals have gone to great lengths to access storage media, even going through landfills. Physical destruction remedies this possibility by reducing hard drives and other stargate devices to shreds. However, with 3.4 million tons of e-waste going into landfills every year (according to the U.S. Environmental Protection Agency in 2014), the chance your sensitive data is at risk, is higher than you may think.
The Issue Of Data Persistence On Phones And Computers
Devices connected to your corporate network may contain data believed to have been deleted. Exposure of sensitive company data can put your security at risk. It can jeopardize the reputation of your business and risk violations of industry and federal regulations. These are just a few reasons to use hard drive wipe software to address data persistence and data remanence.
WipeDrive Is Fundamental In Helping Organizations Meet PCI DSS Requirements
New data breach strategies and attacks have made it imperative that standards be put in place to protect credit card data. The Payment Card Industry Data Security Standard (PCI DSS) is an ongoing regulation started in 2006 to ensure that all companies that accept, process, store or transmit credit card information do so in a secure environment.
Is Encryption Enough When Retiring Hard Drives?
Encrypting hard drives adds an effective new level of data protection and security for organizations. However, there is a disturbing trend of relying upon encryption as a form of data sanitization. While encrypted data may seem inaccessible it should never be considered 'sanitized' since all of the data remains and various risk factors threaten this approach.
GDPR Changes And IT Asset Retirement
The worlds strictest data protection regulations have recently gone in to effect. General Data Protection Regulation's newest updates aim to protect all EU citizens from privacy and data breaches. Every organization that collects and/or processes data from people in the EU is subject to GDPR and needs to comply.
5 Security Holes You May Have Missed
The hard drive retirement process is one of the most neglected security threats most companies face today. Data contained in old or retired hard drives can put your organization at equal risk to other attack vectors. Take the opportunity to see how your organization may be at risk and how to address any security holes you may have in regards to your hard drive retirement process.
Are Multiple Wipe Passes Necessary For Secure Data Erasure?
While WipeDrive software allows you to do any number of passes using any wipe pattern, there is no compelling evidence to suggest that any more than one pass is necessary to ensure complete data erasure. This report briefly explains why organizations use multiple passes and why we don't currently see them as being necessary.
WipeDrive Compliance: NESA In The United Arab Emirates
The United Arab Emirates requires all agencies meet National Electronic Security Authority (NESA) compliance regulations. These regulations are meant to limit the exposure of data loss and data breaches by government agencies. This report reviews the NESA requirements and what UAE agencies can do to meet them.
WipeDrive Enterprise: Common Criteria EAL2+ Certification
The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification managed by 30 member countries. WipeDrive Enterprise obtained EAL 2+ certification on a data erasure security target and received evaluation by a Common Criteria certified lab. This rigorous certification is the most comprehensive certification currently available.
Data Sanitisation Guidelines For N3 Connected Networks
The National Health Service in the UK recently made major changes to their data sanitisation guidelines. These guidelines were published in the Destruction and Disposal of Sensitive Data: Good Practice Guidelines and in the Sanitisation, Reuse, Disposal and Destruction of Electronic Media: Guidance For Health and Care Organisations policy updates. The updated guidelines provide recommendations for the secure erasure of patient data on many different types of media.
WhiteCanyon Patent 9665743
WhiteCanyon Software selectively pursues intellectual property protection on methods and developments in the data erasure industry. This patent protects the process of wiping data on a computer that is reported lost or stolen. This patent reaffirms WhiteCanyon Software as the world leader in data erasure technology.
WhiteCanyon Patent 9396359
WhiteCanyon Software selectively persues intellectual property protection on methods and developments in the data erasure industry. In practicing full disk erasure with encryption key destruction, we created the concept of a patent for the sanitization method on an encrypted disk drive.
OEM Tools: Data Wiping Issues And Weaknesses
Many SSD, NVMe and hard drive manufacturers provide OEM Tools for formatting, partitioning and secure erasure. Though many groups on the internet provide support for OEM Tools as an alternative to commercial data wipe solutions, this paper explains why OEM tools fail to be a practical replacement and addresses their major issues.
Low Level Format & OEM Tool Issues
Data removal has been a requirement in organizations since data-bearing devices held confidential and proprietary data. Low Level Format (LLF) and OEM Tools may have once worked on data storage devices (some argue that these options were never fully successful) but technical advances have made these options obsolete.