Educause Security Discussion mailing list archives
Re: Wiping of data on large storage arrays
From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Fri, 18 Mar 2011 09:49:09 -0600
Doing a wipe on a complete storage array can be done, but only if you have a week or two to let it run.....possibly longer. In the Fed sector, they sometimes write into the contract that all the equipment *except* for the physical hard drives......then they just shred the hard drives. I've seen one contract where they agreed to provide "like drive hardware" instead of returning the hard drives - the contract got brand new drives in return, and we didn't have to sanitize anything, (I know - sounds expensive, but the savings in time/labor more than paid for the drives - and the level of "sensitive" dictated the extra caution.....). Another contract just said that the hard drives had to be returned - so they put all the drives through a degausser, turned up to "easybake", and called it good.....and the contract folks were fine with that..... Just other options..... M -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jones, Dan Sent: Friday, March 18, 2011 9:38 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wiping of data on large storage arrays Hi All, I'm searching for options to address the contractual need to purge data at the end of a contract. Many of our contracts call for 'secure deletion' of the data owner's data when a contract ends, including issuance of an affidavit to that effect. A DOD 5220.22-M wipe is simple to do when data is stored on a single disk. Even with early storage arrays, one could provision a small set of disks for a project and then wipe the disks at project's end. Similar things apply with backup tapes too. The verbiage of old-style data destruction requirements does not mesh well when data is stored on more modern storage -like an Isilon array (since data will age-out over time and be migrated to slower disks or near-line storage). I wonder how others may be addressing this need. - data is spread over so many disks we don't worry about it - destroy the encryption keys so the data becomes irretrievable cyphertext - something else? If the response is significant I'll summarize responses for the list Vendors need not reply Thanks, Dan Jones ISO UMass Medical School dan.jones () umassmed edu -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- $1m fine for lost documents Allison F Dolan (Mar 03)
- Re: $1m fine for lost documents John Ladwig (Mar 04)
- Re: $1m fine for lost documents Allison F Dolan (Mar 04)
- Wiping of data on large storage arrays Jones, Dan (Mar 18)
- Re: Wiping of data on large storage arrays SCHALIP, MICHAEL (Mar 18)
- Re: $1m fine for lost documents John Ladwig (Mar 04)