Most Common Data Sanitization Myths- Debunked!

Do you know what data sanitization is and why is it crucial? Whether it’s your personal data or sensitive business files, ensuring the security of your data is of prime importance.  Organizations, as well as individuals, store important files on various forms of storage media such as hard drives, SD Cards, USB flash drives, CD-ROM’s, SSDs, and more. When these storage media get damaged, old, or no longer needed, you may decide to send the device to be recycled or resold. But before you sell or discard any piece of IT equipment, the data must be securely removed to prevent unauthorized access.

hard discs illuminated in blue color


You may want to dispose of storage media for several reasons. Possibly, the backup data on CD-ROMs and tapes are no longer needed or maybe you need to upgrade to a newer model. It is also possible that the hard-drive on the computer system has got damaged and needs to be replaced. In all these cases, businesses or organizations need to securely remove stored data to minimize the risk of a possible data breach. So, when you no longer need to use a particular storage media, make sure that any data stored on it has been or will be completely erased. And this is where data sanitization comes in.
 
What is Data Sanitization?
If the data has reached the end of its life or has become obsolete or redundant, it becomes crucial to dispose of that data securely. Data sanitization is the process of intentionally and permanently removing or destroying the data stored on a memory device. The purpose of data sanitization is to make the data unrecoverable, even with the assistance of advanced forensic tools. When done correctly, this process permanently wipes data, removes all traces to ensure your organization’s privacy.

Data Sanitization is crucial because it protects sensitive data that must remain confidential. But do you how to sanitize your data in the right way? If you believe that deleting files or formatting the device is sufficient then you’re wrong. There can be three right ways to sanitize data- physical destruction, cryptographic erasure, and data erasure. However, not every business is aware of the proper methods of sanitization. There’s a common myth that deleting/formatting data from storage media can save you from data leakage or theft. The truth is that even after deleting sensitive data; it is still possible to recover deleted files. So, if you want to avoid making such mistakes, here are common myths about data sanitization.

Myth 1: Deleting Data is Sufficient
The most common myth is that simply deleting files permanently removes data from storage media. However, deleting data is not enough because it doesn’t remove data. You think that moving the files to recycle bin and them cleaning the bin removes data. But, the data remains intact on the drive as unallocated space. It is possible to restore those deleted files by using some sophisticated methods, even if the unallocated space has been utilized by new files. If you simply delete your sensitive business data before disposing of the device, you’re at risk of data breach/theft.

Myth 2: Formatting Removes Data Permanently
Another common misconception is that formatting the hard-drive removes all data. However, formatting is also NOT a permanent solution. When you format the device, this process only modifies the file system but does not remove the data. When you perform a quick format or full reformat of the drive, some or most of the data can be recovered with advanced forensics tools. Even if you can’t access the data but it may still be present on the drive/device. So, when it comes to erasing personally identifiable information and sensitive business data, formatting is not the best option.

Myth 3: Degaussing is the Ultimate Solution
Degaussing is a process by which the storage media is exposed to a powerful magnetic field to remove the data. It is an effective method but not the best technique for non-magnetic storage devices such as SSDs, which store data on semi-conductor chips, not on spinning platters. Degaussing works on magnetic storage devices that store data in the form of magnetic fields. Likewise, optical storage devices are also immune to degaussing. So, before you choose this method, make sure to first understand the nature of storage media. It is also noteworthy that this technique should be used for damaged or end-of-life electronic devices because it can make the media inoperable. So, if you plan to reuse or sell the media, this method is not for you.

Myth 4: Physical Destruction of Storage Media Gets the Job Done
It is commonly believed that physical destruction methods such as crushing, shredding, and disintegration are the best choice for erasing data. However, this is NOT the right technique for data sanitization. The effectiveness of this method depends on the type of drive and the shredder or crusher used for destruction. For instance, the standard industrial shredders can be used for HDDs because hard disk drives store data magnetically spread across a spinning platter. But the same industrial shredder may not be effective for SSDs that store data on semiconductor chips. This is because the shredders can allow solid-state drive data chips to slip through and that data can be recovered from these chips. The larger the shred size, the more chances that data can be recovered from entire chips. Moreover, apart from effectiveness, shredding and other physical destruction methods also have logistical and financial limitations. Typically, companies need to send these drives to outside shredding facility for sanitization. This can again put data at risk of leakage while it is in transit.