Data Erasure Software Changes

Transcription

1 Data Erasure Software Changes Current Process Permanent data erasure goes beyond basic file deletion and format commands which only remove part of the information stored on a device. The Secure Data Erasure process which SCC currently follows using version HMG 4.10 which has held CESG s certification to use in accordance to HMG Infosec Standard No.5 since The following erasure algorithm is always applied to magnetic media: - HMG Infosec Standard No: 5 (enhanced Higher Level) 3 pass Upon the completion of a successful erasure, the software creates a unique digitally signed report of the erasure event, with a detailed hardware asset list and results of any diagnostics performed. The certificate provides a 100% certified and tamper-proof audit trail. SCC are in a unique position to provide automated auditability to the customer, with communication links between the Blancco Reports and the SCC Asset Management database, Radius, ensuring that a unique 10 Digit Report ID is inherited against each erased asset. This 10 Digit Report ID reference number (as shown below) is unique to each asset and enhances the auditable trail and provides greater assurance that the asset was successfully wiped. The design of the system means an asset can only inherit this reference when the applicable report event is logged as 100% successful. This reference number is seen in all customer stock reports in the BlanccoUniqueRef field. New Process SCC will be deploying the latest version of CESG approved Blancco software, currently version 5.8, which has superseded the HMG 4.10 version. The software is listed on the CESG CPA approved product list and continues to be compliant to HMG Infosec Standard No. 5, deploying the same erasure algorithm as HMG 4.10: - HMG Infosec Standard No:5 (enhanced Higher Level) 3 pass There will be no changes to the auditable reporting of the erasure event and the software will continue to provide a 100% certified and tamper-proof audit trail detailing hardware and diagnostic results. The automated link between the software and the Radius database will still be in place and offer the same assurances as the previous version. The most notable change which will be seen by the customer will be the new Report ID which will be inherited against each erased asset.

2 The existing 10 Digit Report ID reference number is being replaced by a 36 character reference (highlighted below). The format will always contain the following amount of characters between hyphens but there is no rule surrounding the format of letters and integers used: 8 characters 4 characters 4 characters 4 characters 12 characters Improved Efficiency Changes Current Process Customers items are asset managed and audited for product detail such as make, model, asset and serial number. All data bearing items are then assessed and processed in the Data Sanitisation Suite where customer data is removed. All hard drives are currently either securely erased using certified software or isolated for physical destruction, whether they are housed inside a system unit or received as loose media. Where items are not destined for refurbishment, an assessment takes place against the following to determine if the item holds a remarketing value: Fair Market Value (FMV) Grading Criteria Identification of market value (if any) for each product based on specification (e.g system unit processor type) set by the Recycling Services Sales Team. A standard grading matrix (A - D) specifying assessment criteria for hardware faults and cosmetic condition of items. Grade D units do not hold a remarketing value After assessment, where units do not hold a remarketing value, hard drives in system units are removed for secure destruction alongside loose hard drives. Hard drive erasure is always attempted when a unit holds value (or where a customer has a service agreement to attempt hard drive erasure in addition to physical destruction). The asset management database is updated as ***FAILED*** for both the system units and hard drives when erasure has not taken place. This reference number is seen in all customer stock reports in the BlanccoUniqueRef field.

3 The ***FAILED*** reference is also used in the following instances: When items with a market value have had erasure attempted but have not been 100% successfully erased (e.g. faulty hard drives, faulty system units etc) When MISC data bearing devices (e.g. network switches) could not be sanitised All ***FAILED*** system units and data bearing media are sent to the CPNI approved WEEE Destruction Plant for certified destruction. Destruction certificates are provided for all ***FAILED*** system units and loose media items. When a system unit holds a ***FAILED*** reference, the data bearing media held within will be removed and individually asset managed for physical destruction. New Process Development of the Recycling Services asset management database has enabled the Fair Market Value assessment to take place at the point of asset management. The system has been developed to extend the autonomous FMV functionality surrounding items holding a remarketing value. When a data bearing item is asset managed, the system will now automatically assign a Blancco reference of *UNECONOMICAL* to each item which does not hold a value. Customers will now see this new reference in the BlanccoUniqueRef field for these units. All Items which are allocated an *UNECONOMICAL* reference will be securely processed directly to the WEEE Destruction Plant without the need to perform data erasure. In the event a customer has a service agreement to attempt hard drive erasure in addition to physical destruction, the system will automatically ensure these units still follow the data erasure processing route prior to destruction. The ***FAILED*** reference will still be allocated to items in the following instances: When items with a market value have had erasure attempted but have not been 100% successfully erased (e.g. faulty hard drives, faulty system units etc) When MISC data bearing devices (e.g. network switches) could not be sanitised When a customer has a service agreement in place to always erase in addition to physical destruction In the new process, *UNECONOMICAL* system units will be physically destroyed as one entire device, including all data bearing media held within. There will be no individual asset management for media held within *UNECONOMICAL* items. All ***FAILED*** data bearing items will adopt the same principles as the existing process and destruction certificates will be provided for all ***FAILED*** system units and loose media items independently.

4 Benefits to the Customer The introduction of the changes outlined will lead to certain benefits for our customer base. The key benefits have been explained in greater detail below: The latest version of Blancco contains all modern drivers and has a more extensive hardware support than the previous CESG approved version of Blancco, thus ensuring greater erasure coverage. Hardware Support In addition, the design of the latest version of Blancco software holds a more flexible approach than the previous version, allowing for the release of updated versions of the software to include the most recent drivers and improvements required to meet the demands of an ever evolving climate. This flexibility does not compromise the CESG security characteristics, as the erasure elements of the software have been locked down and remain certified. SSD Erasure The Blancco 5 software has the ability to erase Solid State Drives, which includes 3 stages of overwriting. The Blancco SSD erasure methods have been forensically tested by a third party to ensure no data can be recovered from erased drives. The software offers the same reporting auditability of successful erasure as available for magnetic media. It is important to note that CESG have not provided a framework for SSD erasure and the guidelines in the HMG IA5 standard advises that all flash media should be destroyed. The default procedures in Recycling Services are in alignment to the HMG IA5 standard. For this reason, the onus is on the customer to make a risk based decision surrounding the SSD erasure methods. SCC will provide all customers the support and information required to assist in making an informed risk based business decision during the creation of the customer specific briefs. Erasure Verification Recent changes to the CESG security characteristics now require all CESG approved erasure products to perform 100% verification of erasure after every overwriting pass, as opposed to just once after all the passes have completed. These characteristics are present in the latest Blancco 5 software discussed within this document. The HMG Infosec Standard No:5 (enhanced Higher Level) algorithm used for erasure by SCC conducts 3 passes, which will now be 100% verified for erasure after every pass. This is a much more stringent verification approach than the historical verification and ultimately offers even greater assurances to the customer that successful erasure has taken place. Clear Process Definition The introduction of the new *UNECONOMICAL* reference will provide remarketing customers with a clearer understanding of sanitisation reasons. The new reference will allow customers to determine which items in their estate do not hold value and which are being destroyed because of faults and damage.

5 The introduction of the new *UNECONOMICAL* reference reducing operational touch points will ensure that all data bearing devices will be processed in a more timely fashion. Improved Efficiency and Risk Reduction Items without a value will be securely destroyed sooner and destruction certificates will now be available to all Portal Customers* as soon as an item is destroyed. This removal of data erasure for below FMV items will also lead to items being available for sale at the earliest possible opportunity. This can potentially either lead to an accelerated revenue return to the customer, as some items can be sold earlier, or provide the Recycling Services Sales Team more time to ensure an item can be sold for the greatest possible value. In addition, efficiencies in processing also lead to a reduction in risk. Standard information security principles will always indicate that a reduction in storage time for unrequired data will reduce risk. Although SCC Recycling Services provide a secure facility for all processing activities, the new process provides a best practice approach to mitigating risks associated with data security. *The Recycling Services Portal is a new system which enables real time monitoring for customers to check the processing progress of all units which are currently in the Recycling Services facility and view historical processing activities. The system also provides access to data sanitisation and destruction certificates as required. The Recycling Services Customer Services Team are in the process of engaging with customers and presenting the new portal. There are numerous benefits for Portal Customers, but for those who do not wish to opt in, information will continue to be provided in the existing fashion.