What Makes Crypto-Erase So Popular? NIST and ISO Endorse Simplest Secure-Erase Solution

The key to simple data storage security

A recent blog by one of my colleagues caught my eye the other day because of the history of data storage infographic included in it. Reading through it reminded me of just how fast our world is becoming more and more digitized. Consider for a moment that in just over the last twenty years, we’ve seen the transition from regular mail to e-mail, from traditional books to e-books, from physical encyclopedias to Wikipedia, and, of course, from music and movies on physical media to downloadable copies. There are many other examples all around us, and you can be sure we haven’t seen the end of this trend. Don’t be surprised if someone comes up with a digital hammer soon. 😉

The creation of data is said to be doubling every two years, and according to IDC, the world will create 44 zettabytes of data by 2020.[i] That’s the equivalent of 250 billion DVDs…give or take a movie or two. An astonishing figure, no doubt, and storage vendors like Seagate make a good business from making the hard drives and systems to store this data on. But while the IT industry likes to talk about how much data is being stored and how much equipment will be required to store it all, very little attention is given to the enormous number of hard drives currently in place and what happens to them when we’re done with them.

Think for a moment what you do when you upgrade your computer, tablet, or smart phone, or if you’re the IT guy at work, what you do with the old systems you’re going to replace. Most of us simply migrate the data we want to keep to the new system, “delete” the old drive and resell the system. For most of us, deleting or “wiping” the drive is simply a matter of reformatting it, and the truly paranoid among us will physically destroy the drive. But unlike physically destroying the drive, a simple reformat only gives the appearance of erasing the data: it erases just the root directory the system uses to find where your data is stored on the drive, while leaving the user data intact. That is hardly a secure erasure method, since even the most basic disk recovery tool can easily recover the data you thought was deleted. And with the steady stream of data breaches these days, we all know we should do a better job of protecting our data.

To that end, Seagate has been a pioneer in data security with the self-encrypting drive (SED) technology we introduced in 2006 that was designed to protect the data stored on our hard drives (“data at rest”). The customer response over the years to such a simple and effective way to secure data at rest has been extremely positive, especially in those industries where data breaches can be very costly, due to increasing data privacy laws. And it seems a week doesn’t go by without news of another huge data breach that has all of us wondering if our personal data was compromised. Sure, SEDs can prevent some of this, but what is a bit surprising is that we’ve seen a tremendous growth of users deploying SEDs solely for the crypto-erase feature that can wipe drives clean when they need to retire (or repurpose) them.

Why has crypto-erase become so popular? Because it’s a quick and easy way of securely erasing a drive, a job that can take many hours and often days using traditional data overwrite methods. Instead, SED users can simply change the existing password (the data encryption key, actually), and their data is no longer readable… ever. And a crypto-erase can be done in seconds for any size drive, so you can imagine a user’s elation when they can securely erase an 8TB drive in the blink of an eye. Now multiply that feeling by the tens or hundreds of drives they retire every day, and it’s easy to see why some of our largest customers won’t buy anything but SEDs.
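The difference between a reformat and a crypto-erase, as described above, can be seen in a small simulation (an added example, not Seagate code). The `ToySED` class, its method names and the sample record are hypothetical, and a SHA-256 keystream stands in for the AES engine a real SED uses in hardware.

```python
import hashlib
import secrets

SECTOR = 32  # bytes per simulated sector


class ToySED:
    """Simulated self-encrypting drive: the media only ever holds ciphertext."""

    def __init__(self, sectors=8):
        self._dek = secrets.token_bytes(32)     # data encryption key, kept inside the drive
        self.media = [bytes(SECTOR)] * sectors  # raw storage as a recovery lab would see it
        self.directory = {}                     # file name -> sector number

    def _xor(self, lba, data):
        # Stand-in cipher (assumption): keystream = SHA-256(key || sector number).
        ks = hashlib.sha256(self._dek + lba.to_bytes(8, "big")).digest()[:SECTOR]
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, name, lba, plaintext):
        self.media[lba] = self._xor(lba, plaintext.ljust(SECTOR, b"\0"))
        self.directory[name] = lba

    def read_lba(self, lba):
        return self._xor(lba, self.media[lba])  # drive decrypts with the current key

    def quick_format(self):
        self.directory.clear()                  # only the lookup table is erased

    def crypto_erase(self):
        self._dek = secrets.token_bytes(32)     # old key is replaced; media is not touched
        self.directory.clear()


def recover(drive, marker):
    """Mimic a disk recovery tool: ignore the directory and scan every sector."""
    return [lba for lba in range(len(drive.media)) if marker in drive.read_lba(lba)]


def demo():
    drive = ToySED()
    drive.write("payroll.csv", 3, b"SSN=constructed-sample")  # constructed record
    drive.quick_format()
    after_format = recover(drive, b"SSN=")      # data is still found
    drive.crypto_erase()
    after_erase = recover(drive, b"SSN=")       # nothing readable remains
    return after_format, after_erase


if __name__ == "__main__":
    print(demo())
```

The crypto-erase step writes nothing to the media, which is why it takes the same time on any size of drive.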

And there’s even better news now that crypto-erase has been approved as a preferred method of data sanitization by two major standards organizations (ISO and NIST). With this official guidance, even the most paranoid corporations and government agencies can feel secure (forgive the pun) that crypto-erase methods are now preferred since they “can be performed with high assurance much faster than with other sanitization techniques.”[ii] Furthermore, the ISO data erasure guidelines go on to say,

“Cryptographic erase could provide substantial value by facilitating rapid eradication of sensitive data (in seconds versus hours or days) by…

  • reducing the wear on the storage device (therefore potentially extending the life of the device)
  • reducing the amount of man-hours expended performing sanitization
  • addressing media types that may be impractical to address using legacy degaussing and destruction techniques”

So while wide customer acceptance speaks for itself, endorsements from some of the leading international standards bodies reinforce the value of SEDs even if you only use them to erase the data on your drives when you’re retiring an old laptop, tablet, smart phone, or corporate system. And at the rate we all upgrade our systems, it won’t be too long before you find yourself debating how you’re going to safely get rid of that old drive, right?

Security software specialists have recognized the value of crypto-erase for years. “Standards bodies such as NIST and ISO now promote cryptographic erase — where admins can sanitize an encrypted drive by destroying or overwriting the encryption key, and WinMagic has supported this concept for a long time,” said Garry L. McCracken, CISSP and vice president of technology for WinMagic, an encryption and key management vendor. “Crypto-erase functions appropriately spotlight the importance of encryption key management. Crypto-erase is especially effective when the actual Data Encryption Key (DEK) is very tightly controlled such as is the case with self-encrypting drives.”

Do yourself and your organization a favor and think ahead two or three years when you’re in the market for a new system. If you have the option, go with the SED even if you only use it to do the crypto-erase. Believe me… you’ll be glad you did. If you have a minute, watch this short video on why Seagate Instant Secure Erase, the crypto-erase feature we include on every SED we ship, can help with your drive retirement needs. Don’t leave your data security to chance.

[i] IDC/EMC Digital Universe, April 2014

[ii] ISO/IEC 27040 (Information technology — Security techniques — Storage security) and NIST 800-88 (Guidelines for Media Sanitization)

Allen Marin is a senior program manager for Seagate Data Security products.

