Issue No.04 - July/August (2009 vol.7)
Gordon F. Hughes , University of California, San Diego
Tom Coughlin , Coughlin Associates
Daniel M. Commins , Western Digital
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.89
User data is often unprotected on disk and tape drives or not erased when no longer needed, creating data security vulnerabilities that many computer users are unaware of. Federal and state laws require data sanitization, which comprises a variety of data eradication methods. Secure sanitization refers to methods meeting those federal and state laws. Companies that fail to meet these laws can be subject to fines of $5 million, and individuals can be imprisoned for up to 10 years. Physical destruction of storage devices offers the highest security. But executing the disk drive internal secure-erase command also offers a higher security level than external-block-overwrite software, according to federal guideline NIST 800-88. Recent disk drives with internal full disk encryption now implement an enhanced secure-erase command that takes only milliseconds to complete.
mass storage, storage management, security and privacy protection, degaussing, data encryption, information resource management, data sanitization, secure erase, enhanced secure erase, Trusted Computing Group, ANSI, NIST 800-88, FIPS 140, legal
Gordon F. Hughes, Tom Coughlin, Daniel M. Commins, "Disposal of Disk and Tape Data by Secure Sanitization", IEEE Security & Privacy, vol.7, no. 4, pp. 29-34, July/August 2009, doi:10.1109/MSP.2009.89