more than just an end of life solution a best practice solution for sanitizing hard drives during...
Post on 20-Dec-2015
215 views
TRANSCRIPT
More than just an end of life solutionA Best Practice
Solution for sanitizing hard drives
during their entire lifecycle
CRADLE
REFRESHES
Storage transfers to a new user or server
Maintenance Tech refresh or return
at end of lease Completion of a project Employee turnover Returning a computer
under warranty Protection from
unauthorized access A virus that is detected Attack from a hacker
GRAVEEnd of Life
AFTERLIFEReformat & Recycle
DRIVE LIFECYCLE
5.6 BillionHard Drives Producedfrom 2001 - 2011
750 MillionHard Drives Reachend of life in 2008
2 – 3 RefreshesCan occur during a hard drives lifecycle
One gigabyte of data on a hard drive
=
Approximately one dump truck of compacted paper
Well Publicized LawsHIPAA, FACTA, SOX, FISMAGramm-Leach-Bliley
Consequences of a BreachFines, Loss of License &Loss of Reputation
39% of Customers Explore other options aftera data breach occurs
49% OF ALL DATA BREACHES RESULT FROM LOST OR STOLEN HARD DRIVES & LAPTOPS
CURRENT SITUATION
ATTENDEES:
MISSION: Develop a technology for sanitizing hard drives beyond forensic reconstruction – retain the ability to reuse the hard drive.
OUTCOME: The Industry collaborated with The CMRR, under the direction of the NSA to develop Secure Erase. Now part of the ATA Rev 4 Spec for hard drive manufacturers A destruction command is embedded in the firmware of hard drives It is an atomic process eradicating all user data beyond forensic recovery Up to 18 times faster than ineffective overwrite routines Compliant, certified standards based technology Implemented by global hard drive manufacturers in 2002BIOS and Operating System developers blocked the ability to initiate Secure Erase.
SECURE ERASE
Australian Department of Defence (ACSI-33)
RCMP Canadian Government B2-
001
UK-HMG Infosec Standard 5
{IS5} and CESG Manuel S
UNITED STATESNIST SP 800-88
COMPLIANCE
CLEAR
PURGE
DESTRUCTION
Commercial SoftwareLevel of security: protection against keyboard attack
Disintegration, Incineration, Pulverizing, or Melting Level of security: protection against laboratory attack
Secure Erase, Degaussers
Level of security: protection against laboratory attackSecure Erase is a high level of protection because you can validate the data is gone beyond forensic reconstruction & reuse the hard drive
DIGITALSHREDDER FEATURES
Carrying Handle
3 Drive Bays Personality Blocks
Printer
1
LED Indicators
Touch Screen
2 3
Height -12”
Width -8.5” Length -13”
Weight – 15lbs
Vacant bay, available for use
Drive is loaded and ready, but no operation is taking place, blinks green when process is completed
Process is being executed, bay is mechanically locked and password protected
Reformatting / imaging
Sector Viewer Certification Labels User Adjustable log-out for secure access Tiered user access – admin/user levels Built in searchable history log History log downloadable to CSV format Large touch screen interface No keyboards, mouse or cables
No Ethernet or Bluetooth connection Ability to partition, reformat & reimage drives 8 – 18x faster than overwrite applications Single point solution User upgradable firmware Portable & Scalable Lock-down Bays for security LED lights indicate current process running
Comparison of Data Destruction Methods
Best Practice RequirementsDigital Shredd
er
Commercial
Software
Degaussing
Machines
Mechanical
Destruction
Third Party
Provide a single point solution YES Yes No No No
Destroy data beyond forensic reconstruction
YES NoUncertai
nUncerta
inUncert
ain
Maintain care, custody, & control over the process
YES No No No No
Imbed an automated certification process
YESUncert
ainNo No No
Deploy a scalable process for corporate-wide compliance
YES No No No Yes
Verify drive sanitization by sector
YESUncert
ainNo No No
Provide a green solution that allows reuse of hard drives
YES Yes No NoUncert
ain
BEST PRACTICE
GETTING STARTED
DETERMINE YOUR NEEDS:
A Needs Analysis will determine your requirements to develop a Digital Shredder placement plan that meets your needs. For example, your current backlog of hard drives (if any) and the types of hard drives in your environment.DETERMINE IMPLEMENTATION:
After your needs are determined, we will create an agreement with you that offers one of three options – long term consignment, short term consignment or on/off site service.
DEPLOYMENT & TRAINING:
The Digital Shredder ships with easy to use instructions. If necessary, training will be conducted either on site or via the web. Training includes setup, administrative Digital Shredder functions, erasure functions, effectively managing the log and efficient sanitization practices
1
2
3
Design. Features. CapacityMake a security and financial difference
NO CAPITAL EQUIPMENT INVESTMENT REQUIRED
OPTIONS
Number of Hard Drives
Number of Days
100 – 199 6
200 – 299 11
300 – 399 15
400 – 499 19
500 – 599 23
5 Easy Steps:1. Determine the number of drives you must refresh or purge;2. Contact us with your count and schedule the Shredder;3. Set-up a web training session for your project leader;4. Remove drives from computers before your unit arrives;5. Purge your drives; price per purge is $25. Volume will
determine how many days the Digital Shredder is deployed.
OPTION II: SHORT TERM CONSIGNMENTShort term placement at your facility for project work
OPTION I: LONG TERM CONSIGNMENTPlace the Digital Shredder on a permanent basis with a revolving 12-month consignment
Pricing Level
Min Purges / Unit
MSRP
I 2,000 + $ 10
II 1,500 + 13
III 1,200 + 19
IV 600 + 31
Mechanics:1. 25% of your purge requirement will be preloaded into
the unit and is due prior to shipment;2. Replenishments can be ordered electronically.
OPTION III: ON OR OFF SITE SERVICEWe provide the service. Pricing will be quoted based on # of drives and time required.