A guest blog by Troy Hegr, technology manager, Kroll Ontrack
Companies are closely examining their data security practices due to recent data breaches and misplaced or stolen computers that have been publicized in the past few years. Erasing information is a crucial step in any data security practice at the end of a device’s life or prior to re-sell or re-deployment in order to prevent theft of sensitive data and/or data regulatory compliance violations. It is also very important to verify the erasure process. It has become so important in fact that Kroll Ontrack was recently recognized at the Storage Visions Conference as the recipient of the Visionary Company Award for its Erasure Verification Services (EVS). Kroll Ontrack is proud to be able to provide documentation and peace of mind to companies such as NetApp®, verifying the effectiveness of their media sanitization process.
As the global leader in data recovery, Kroll Ontrack leveraged its proprietary tools and expertise to validate the Disk Sanitization feature of NetApp® Data ONTAP® software on a FAS2240 storage controller with internal Hard Disk Drive (HDD) / Solid State Drive (SSD) storage. Following NetApp’s Disk Sanitization process, Kroll Ontrack thoroughly searched and analyzed each media type looking for any remnants of user data on the device. For HDD, this process is performed via the drive’s standard interface using proprietary software to ensure every user-accessible sector of the media in question does not contain any user data. For SSD, a second level of verification is required because the information is not stored linearly, but rather distributed across random blocks of the memory chip. Specifically, the NAND memory chips are removed and raw data is searched to ensure not only the user-accessible sectors do not contain any data but also the hidden areas on the SSD, such as the pool of spare pages and reserved blocks. Following completion of the verification services, a final report is delivered detailing the process that was used to prepare, sanitize, and analyze the device and the results of the analysis.
Both information technology vendors and security minded customers alike look to Kroll Ontrack for independent and comprehensive analysis using state of the art data analysis techniques and technologies. Kroll Ontrack EVS allows a leading data management and storage provider like NetApp to demonstrate data and information confidentiality after deletion and prior to reuse -- criteria essential to today’s cloud-based, multi-tenant storage environments.
Through Kroll Ontrack Erasure Verification Services, erasure is validated for a media make, model and erasure procedure as long as the technology and process remains intact. If the media or process is altered in any way, a new erasure verification test should be performed. For more information about Kroll Ontrack Erasure Verification Services, visit: http://www.krollontrack.com/information-management
Troy Hegr, technology manager, Kroll Ontrack