There are many different regulations surrounding data management and destruction. When ITAD vendors talk about meeting those regulations when performing ITAD services, there can be a laundry list of international wiping standards that come into play, and it can seem daunting to understand which options suit your own needs. The question then becomes less about how to meet the standards and more about which standards are best for your enterprise.

Understanding the different types of well-known international wiping standards is a way to make sure that the proper ones are met, depending on your business’s circumstances or needs. There are multiple different pass options, which refers to the number of times the data is rewritten, ranging from as few as one pass to as many as 35 in certain Department of Defense recommendations. Different countries may have different standards defined, and there are debates among some ITAD professionals over the most preferable method or number of passes, which is why having a range of options is a key thing to look for in a vendor.

Here is a guide to a few of the most commonly recognized international standards for data wiping:

Canadian standard: RCMP TSSIT OPS-II (Four-pass wipe)

This is one of several data destruction programs Canada defines and recognizes as an official standard for data destruction. It uses four different passes: alternating ones and zeros to write over data on the first three passes, then writes random characters on the fourth and verifies that step was successful. This method is extremely similar to a US-based standard called NAVSO P-5239-26, which is defined by the US Navy.

US Department of Defense: DoD 5220.22-M (Three-pass wipe)

US Department of Defense standards are another military-grade prescription for data destruction. This three-pass scrub works very similarly to the aforementioned Canadian and US Naval standards, using zeros in the first pass and ones in the second pass, followed by a random character in the third. The primary difference between the former two and this DoD standard is that each pass is verified along the way.

Algorithms: Gutmann, Pfitzner, and Schneier’s Methods

There are many similarities among the most well-known methods developed by and named after data scientists Peter Gutmann, Roy Pfitzner, and Bruce Schneier. These three different algorithms are utilize complex multi-pass overwrites to prevent the extraction of the original data.

The Gutmann Method is known as one of the most complex and thorough wiping standards. This approach uses 18 to 35 different passes, with heavy variations in the overwriting patterns. Random characters are utilized at certain intervals, and a complex pattern is used throughout the entire overwrite. This method is an especially good option for older hard drives.

The Pfitzner Method is similarly complex, with a 33-pass option and an ability to run the entire program multiple times. Verification also occurs along the way, and like the Gutmann method, uses a combination of random characters for each pass. There are options for both a seven-pass and 33-pass program.

The Schneier Method, like the other two, has a more complex system than some of the other standard data destruction techniques, but first employs zeros and ones in the first two passes followed by five more random character streams. Some software that uses the Schneier Method will verify that a character was written, and will restart the process if the verification shows a failure to write the character to the drive.

Explore which standards best meet your industry’s regulations, needs, and desired outcomes. In doing so, you can define and pinpoint a thorough, smooth plan for the entire ITAD process. Schedule a free consultation with WipeOS to discuss the 16 different international standards employed by its data wiping solutions to find one that fits your personal or business needs.

at :

Written by

admin

Related Posts

  • at :

    DoD prescribes compliance with NIST erasure guidelines

    Data erasure standards aren’t all created equally. Although numerous standards are available in the data destruction industry that offer a legitimately clean and safe erasure process, there are some that simply aren’t recognized by larger scale industrial regulations, particularly within the government, even if the method of erasure adequately conforms to demands for keeping sensitive data safe and rendering it unrecoverable.

    Smaller private enterprises may not have to look further than a solid multi-pass wipe with reporting capabilities, but IT managers working within the US government must be cognizant of a much more specific set of standards that are enforced. The National Institute of Standards and Technology (NIST) data destruction standards are recognized today as that gold standard.

    A shift in standards

    Once upon a time, the Department of Defense (DoD) set the absolute precedent for data erasure. DoD standards were recognized as the go-to for civilian and defense agencies alike, and the adoption of the standards took hold for over two decades.

    The compliance standards enforced by the DoD regulations were costly, with repetitive erasure processes consuming both time and resources. A convoluted workflow congested smaller operations’ cost effectiveness. Furthermore, at the time, government agencies and organizations were adhering to multiple different standards at a time, which tacked on additional costs and layers of work.

    DoD and NIST data erasure guidelines were both followed. DoD sanitization included multiple passes, with several variations developing over the years. The method was effective, if not a bit overwrought: the method was never truly approved as a proper standalone certification, as NIST was used alongside it. While the overwriting methods employed by DoD could meet data destruction standards, the method wasn’t a means to an end.

    In 2014, the government decided to adopt a more uniform approach, and the Department of Defense began replacing DoD with NIST guidelines across the board. This cut down on the confusion and convolution, requiring both civilian and military entities to conform to NIST data erasure protocol.

    NIST data erasure standards are time-tested

    The NIST was first published in 2006, and created a new outline for overwriting and erasing by establishing a set of recommendations. The NIST publication was revised in 2012, and since has become recognized as the leading information security process for government and small business entities alike.

    When risks for data theft and regulatory deficiencies is at an all-time high, adhering to the rigorous guidelines set by the NIST is necessary. Make meeting NIST standards a priority for your ITAD plan.

    more
  • at :

    Coming to terms with data destruction terminology

    Data has grown exponentially in the past decade, and with this growth it has become more vulnerable to attacks. International data standards surrounding data storage, handling, and destruction, including the recent behemoth GDPR, have been signed into law to curb dangerous and negligent data practices among public and private companies and institutions.

    Under these modern realities, proper data destruction is at the helm of data security best practices and integrity. There is a surge in demand for solid data destruction planning, and businesses are stepping up in droves to protect themselves from the potentially catastrophic consequences that can accompany negligence, among them nightmarish data breaches or stolen customer identifications that can potentially sink the entire ship after the fact of exorbitant fines and punishments for whatever remissness may have contributed.

    Similarly, becoming knowledgeable about GDPR guidelines is paramount to conforming to its strict regulations, which define the scope of how data protection best practices are to be carried out around the globe. Knowing the difference between data wiping and deletion, for instance, may not seem relevant, but for companies dealing with the fallout from improper data disposal, it’s worth the time it takes to understand the scope of this critical service so that hardware and storage devices may be recycled, reused, and resold safely and securely.

    Know what you’re talking about when shopping for an ITAD vendor

    Data destruction has many elements, and to avoid a misstep, it’s critical to become familiar with the industry’s terminology in order to understand exactly what processes are necessary to avoid a data disaster with a decommissioned hard drive, server, or any other electronic data storage device containing sensitive information. The following is a short terminology guide to help make sense of some of the terms and definitions related to ITAD services like data destruction, and to understand that sometimes, businesses offering tech hardware recycling and data sanitization don’t go the extra mile to protect their clients from the real dangers, which can be problematic for those who are uninformed.

    Degaussing

    Degaussers use magnets to realign the small magnetic fields within data storage media, which virtually scrambles the data and makes it unreadable. While degausser is effective at smaller size hard drives, it has no effects on Solid State Drives. And also the other downside is that it makes the hard drives unusable, meaning there is no resale potential, which is undesirable when a piece of equipment could provide a solid return on investment and could be reused instead of ending up in a landfill.

    Reformatting

    Formatting a hard drive is commonly known and practiced even among consumer-level users, and essentially means the hard drive’s files are removed so a new operating system can be installed. Of course, this is not at all a secure method, since there are forensic tools available online, even for free, to aid in the recovery of the data that was removed.

    Shredding

    The physical destruction of IT equipment, including shredding, can destroy any trace of data in some devices, but there are several flaws with this method. For one, solid state hard drives can pass through a shredder with data still intact, since the integrated circuit (IC) on which the data is stored can pass through a shredder.

    Deletion

    When data is deleted from a hard drive, it is simply sent into hiding. The data is fully recoverable unless it is overwritten. Speaking of which:

    Erasure

    Erasure is the heavy hitter of the industry. It’s the most certain way to destroy data to the point of being irretrievable, and certifiably so. Erasure, also known as data destruction and wiping, overwrites the data so that it is no longer accessible. The completion of the destruction is able to be verified through reporting, can undergo multi-pass wiping, and is fully reportable, since the process is completed using software. This is not to be confused with file shredding, which similarly overwrites files with a system of binary 1’s and 0’s but cannot be verified or certified.

    To comply with all international standards and regulations, and protect consumer, corporate, and private data security, data destruction is the best option. Look for fully reportable software that provides proof for auditing and resale. The risks are far too great to accept anything less.

    more
  • at :

    Exciting new integration will boost ITAD and IT resale business 

    WipeOS is excited to announce a brand new integration with IQ reseller, the world’s number one ERP for IT resellers and ITAD professionals.  The WipeOS integration is designed to provide the most streamlined and thorough ITAD and recycling process possible, from data destruction to resale. WipeOS data erasure software will integrate with your chosen IQ reseller process to provide a seamless transition from start to finish, including full reporting access, certification, automated processes, inventory services, and more, all in one simple package.  IQ reseller has an automated, customer-driven workflow integrated with WipeOS. The shop floor worker will no longer need to determine factors like which erasure method to use for each customer and when to use it.  Everything is automated and driven from a customer process flow, which can be unique to each of your ITAD customers. Additionally, the billing for services provided are output to the customer settlement invoice.

    About WipeOS

    WipeOS is a data destruction software solution that permanently, safely, and certifiably removes unwanted data from any storage device. The company was founded by IT Asset Disposition (ITAD) industry veterans on the key principle that the most effective data diagnostics, erasure, and transparency, whether used for one device or a thousand, relies on accessibility and simplicity. That’s why WipeOS software was created as an integrated solution to ensure thorough, secure data erasure.

    Whether it’s used for a data center, large enterprise, or small business, WipeOS rigorously matches the data standards of most well-known international regulations across any network type or interface to safely destroy data in full compliance with the most modern data protection standards. The results include readily accessible reporting for transparency and accuracy.

    About IQ reseller

    Founded in 2001, IQ reseller satisfies the unique needs of the global ITAD industry, managing IT reseller operations in one standalone platform. IQ reseller provides robust support for e-Stewards recyclers and enables a seamless resale process, decreasing overhead costs and increasing profit while addressing the many challenges of environmental regulation, privacy laws, and chain of custody.

    IQ reseller offers specialized packages to fulfill the needs of a wide variety of ITAD operations. The packages include extraordinary reporting capabilities, plus an open API for integrations with any e-commerce marketplace, CRM, or Portal of any kind. IQ reseller also includes complete accounting service of your choice or any other accounting integration.
    IQ reseller makes the resale process uncomplicated and slick. With unique critical features and technology that competitors cannot replicate that streamline the process, clients focus on business and growth and significantly cut down on administrative tasks.

    Integrating the companies for seamless results

    WipeOS has recently partnered with IQ reseller to create a thorough and smooth ITAD process from start to finish. The integration saves clients labor and reduces manual processes, including providing a higher capacity for processing and erasure, plus compliance features, like comprehensive reporting to give you a clear picture of data destruction and certification to prove its success and compliance.

    The integration also includes a fully automated, customizable process for data destruction and inventory all in one package, automatic configurations and integrations with IQ reseller systems for smooth imports, network boots that enable more seamless data wiping for large ITAD and brokers, all meeting the standards of some of the toughest IT regulations, including the Department of Defense and NIST Standards for cybersecurity.

    What the CEOs of WipeOS and IQR say about the integration

    Ridvan Hajrullahu, CEO of WipeOS, said the integration with IQ reseller has been exciting, and will be an additional way for clients to save time and money.

    “This is another big step for WipeOS, among all of the other great features we added this year. The goal is for WipeOS to add value for its customers, and this integration is going to automate a lot of the processes and increase efficiency,” Hajrullahu said. He added: “Our team enjoyed working with IQ reseller engineers. This integration was a very smooth process. We’re looking forward to further cooperation with them.”

    Bill Blegen, CEO of IQ reseller, echoed the enthusiasm for the integration decision.
    “In a crowded world of wiping choices; WipeOS offers unique features that are not available elsewhere in the market at this time. ITAD professionals would be wise to review the capabilities and see what customers they can apply this option for to win additional ITAD business,” he said.
    “Their team is open for customization, and the IQ reseller API is open so you can create the exact workflows you desire while taking away decision making on the shop floor to maximize production and eliminate mistakes.”

    more