2016-07-18 04:27 AM - last edited on 2016-07-18 08:18 AM by Li-Jacques
"Disk sanitization " vs "Zero disk"
As i know "Disk sanitization " - licensed feature - which is used to remove data from a disk or set of disks so that the data can never be recovered. why can't we use "zero disk" to do this as it is not a a licensed feature ?
1. after zeroing the disk - data can be recovered?
2. For the fail disk , can we set the disk to unfail and run the zero disk as we are doing in "disk sanitation"?
2016-07-18 08:38 AM
Disk sanitization is a much more thorough way of destroying data on the disk(s) by overwriting the blocks multiple times with with random data or a specific pattern to obliterate any ability to recover data. Disk zeroing simply over writes the disk once with zeros.
The latter is not considered a secure method because it could be theoretically still be recovered. That being said, there's still some debate about that, however the US Government still says multiple overwrites are a good thing for securly erasing the disk.
Hope that helps.
2016-07-18 08:59 PM
Two thoughts on sanitization. For 7-mode while it is a licensed feature, it's also a "free" licensed feature as the license codes are listed on the support site in the master keys section. So if someone feels they need to use sanitization, it's easily obtainable. Make 'em happy and do the sanitization bit.
Of course, that brings up why one wants to use sanitization or zeroing to clear disks in the first place. The easy assumption would be that the disks are meant to be transferred to someone else's control as functional disks - if remaining in your control, data recoverability is less of a concern as the disks can simply be locked up. If being transferred for non-reuse and there is this level of concern: zero, degauss, and shred. Give them a wonderful puzzle to reconstruct.
The remaining case - transferring control as functional disks. So yes, in theory as Andrew mentioned, data from a disk that is simply zero overwritten could be recreated with specialized equipment/analysis, what is the real liklihood that your are choosing to transfer disks to an entity who is willing to rip them all apart and then spend time/money to reconstruct the original data then also reconstruct the disk relationships just to pull out something that might be there but they may not know what it even is they are looking for?
So while it's not paranoia when someone really is trying to get you, sometimes the whole data at rest security thing gets a little out of hand in the real world.
Hope this helps.
Lead Storage Engineer | Consilio, LLC
NCIE SAN Clustered, Data Protection
Kudos and accepted solutions are always appreciated.