This week I led the Spring IT Town meeting at Harvard Medical School, and one of the issues we discussed was the difficulty of protecting intellectual property on hard drives we're replacing. How does a drive containing sensitive clinical, financial or research data get sanitized when EMC or another storage vendor replaces a drive that has gone bad?
I found a great overview of the approaches to the data sanitization problem for hard drives.
I also found an article from NIST which lists every type of media (e.g. PDAs, tape, fax, servers, network devices, and more) and the preferred method for sanitizing them.
These articles referred to "secure erase" for ATA drives. I've not heard of this before, but the University of California at San Diego's Center for Magnetic Recording Research describes the protocol in detail. Apparently, it is available in most ATA drives manufactured in the past several years. They also have a free software utility that accesses the secure erase feature on ATA drives. One CIO describes her search for commercial products to address this issue. A commercial appliance is available from Ensconce Data Technology, which incorporates the same data sanitization technology.
My cool technology of the week is the secure erase feature on ATA drives, which solves many of our problems for sanitizing data before we return drives to manufacturers.
Given the visibility of identity theft and a focus on securing data in the enterprise, I hope to inventory our disposal methods and the techniques being used to sanitize them. Among the items of interest would be cell phones, BlackBerry devices, problem disks replaced by EMC, tape, USB drives, and others. I'm seeking to add staff to our security and disaster recovery areas at HMS, and this task, along with user education/communication, will be high on their agenda.