Whenever we think of best practices for any procedure, let alone one that is used to protect sensitive hard drive data from unauthorized access, there are two fundamental elements that validate the procedure:
- Checks and balances
Every Certified Six Sigma Black Belt I know would jump at any opportunity to rant about why a procedure without metrics is total garbage, and would then talk your ear off about how to use a set of techniques and tools for process improvement.
Don’t get me wrong. Six Sigma has always been one of my most respected certification programs as it not only helps in constructing solid processes and procedures, but also allows degrees of auditable checks and balances. And in my line of work, its core purpose is particularly relevant. By Wiki definition, Six Sigma “seeks to improve the quality of the output of a process by identifying and removing the causes of defects and minimizing variability in business processes.”
When you’re talking about techniques and tools used to erase data on servers in your data centers, there’s really nothing more important than removing the causal defects and minimizing variability in the data sanitization process. As I will present at the IAITAM ACE Conference next week in Las Vegas, where a data security breach that costs millions is at stake, the goal must be to eliminate risk altogether. And certainly removing defects and variability from the data erasure process is critical to risk elimination.
Technical program managers, engineers, analysts and compliance auditors are all data driven roles. We love to read data and come to conclusions. The importance of data mining is really to find truth. Data can still be manipulated, but if produced by qualified sources, the data speaks for itself.
Data security compliance is certainly an area where we must do our due diligence and ensure the checks and balances of eliminating security threats are valid.
Independent Data Security Certification Examiners
Internal quality control checks will always be a good practice for any organization to ensure processes are followed, and that data-bearing IT devices are handled according to the defined procedures. For certification of the data sanitization process, using a third party is paramount for validating the solution providers’ claims.
Utilizing independent organizations that leverage security research and forensic labs, such as ADISA, will help to ensure the certification is legit. As a data security professional and self-proclaimed technical process freak, what I value in the ADISA certification process is the technical separation whereby the certification is challenged by another independent organization whose core charter is the development and advancement of cyber security defense practices. That’s right, ADISA does not in-source the validation process, but instead hands this critical function over to information security experts at the University of South Wales.
Whenever ITRenew receives an ADISA certificate for Teraware data sanitization, it carries true merit. That’s because each certificate ensures we have forensically erased the data as claimed. ITRenew just recently completed another round of ADISA testing for Teraware and we now actively hold 17 certificates, which is more than all other data erasure products combined.
ADISA Threat Matrix: A Solid Workflow
ADISA and the University of South Wales have developed a product claims testing process for the data sanitization of electromagnetic and solid-state hard drives. Within the methodology, there is a threat matrix and an associated test level that determines the degree to which a product claim is challenged.
| RISK LEVEL | THREAT ACTOR AND COMPROMISE METHODS | TEST LEVEL |
|---|---|---|
| 1 – Very Low | Casual or opportunistic threat actor only able to mount high-level non-invasive and non-destructive software attacks utilizing freeware, OS tools and COTS products. | 1 |
| 2 – Low | Commercial data recovery organization able to mount non-invasive and non-destructive software attacks and hardware attacks. | 1 |
| 3 – Medium | Commercial computer forensics organization able to mount both non-invasive/non-destructive and invasive/non-destructive software and hardware attack, utilizing COTS products. | 2 |
| 4 – High | Commercial data recovery and computer forensics organization able to mount both non-invasive/non-destructive and invasive/non-destructive software and hardware attack, utilizing both COTS and bespoke utilities. | 2 |
| 5 – Very High | Government-sponsored organizations or an organization with unlimited resources and unlimited time capable of using advanced techniques to mount all types of software and hardware attacks to recover sanitized data. | 3 |

Table: ADISA Threat Matrix
Utilizing the risk level assessment chart, the process has defined corresponding test levels against which product claims are tested.
ADISA Test Level 1
Base-level erasure testing that provides assurance that a drive has been sanitized to a logical level. For electromagnetic hard disk drives of today, this is usually sufficient coverage for devices that have never contained classified materials, financial information or vital records. For solid-state drives, Test Level 1 should be more of a checkpoint-based certification and not the sole certification level of a product. This is due to the underlying technology used in an SSD, which hides storage capacity from the erasure tools. In other words, it should be sufficient to use level 1 testing for SSD erasure if the sanitization tool already has a higher-level test. Teraware will utilize Test Level 1 as a compatibility checkpoint for like devices.
ADISA Test Level 2
The more favorable forensic-level test uses a process of chip-off attacks, where the NAND components are removed from the drive itself and the flash components are read back in their rawest form. Level 2 testing focuses on the full native capacity of the drive, including capacity that is hidden from the user-provisioned areas.
ADISA Test Level 3
At this time, a level 3 test is, in my opinion, unobtainable. The threat matrix defines the scenario of unlimited resources, and the process consists of exhausting all available penetration test techniques including ones that have not yet been created. However, it does provide a goal for further development.
Comprehensive Data Erasure Certification Testing
For a good data sanitization certification plan, it is critical to think about what you want to get out of the certification process and what your target customers would expect to see in a certification result.
For ITRenew and Teraware certifications, it was important for us to look at the detailed process and capability as the cornerstone of the certification process. As a public form of certification, ADISA was that cornerstone for us. On a private level, we also have several other forensic studies that are commissioned specifically by our Fortune 500 customers through their infosec organizations and their third-party forensic laboratories. So, we have the flexibility and experience to satisfy all testing criteria.
Regardless, the process will always include level 2 testing for forensic-grade certification and level 1 for vendor compatibility. It is important that the devices selected cover various interfaces and drive technologies. The certification as a whole represents a sampling of the sanitization platform’s capability from consumer-grade products through enterprise-grade IT equipment.
ITRenew’s latest round of Teraware certifications covers:
- Drive interfaces: SATA, SAS, Fibre Channel, and NVMe.
- Drive types: hard disk drives (HDDs) and solid-state drives (SSDs).
- Technologies: SLC/MLC/TLC/3D NAND flash, 4K Advanced Format for SAS and SATA, helium-filled HDDs, shingled media recording (SMR), NVMe admin command protocols, ATA Sanitize Feature Set, SCSI Sanitize Feature Set, 12Gb/s SAS, 6Gb/s SATA, PCI-based flash storage and high-capacity drives (8TB and 10TB).
This product testing diversity helps ensure data erasure compatibility on the latest and greatest technology deployed in your data centers. Below is a complete list of ADISA certifications for Teraware data erasure.
| VENDOR | FAMILY | MODEL | CAPACITY | INTERFACE | RISK LEVEL | TEST LEVEL |
|---|---|---|---|---|---|---|
| HP/HGST | HGST Ultrastar SSD800MM | MO0400JDVEU | 400GB | SAS-SSD | 1,2,3,4 | 2 |
| Samsung | 750 EVO Series | MZ-750500BW | 500GB | SATA-SSD | 1,2 | 1 |
| Intel | DC P3600 Series | SSDPEDME400G401 | 400GB | NVMe-SSD | 1,2 | 1 |
| EMC/STEC | EMC Enterprise Flash Drives | Z16IFE3B-200 | 200GB | FC-SSD | 1,2,3,4 | 2 |

Table: Active Teraware ADISA Product Claims Test Certificates as of April 2017
When evaluating the ADISA claims test results, keep a few points of caution in mind. First, data sanitization tools which have gone through the ADISA claims process and focus only on the base-level test or a single interface type may not give you the assurances you need. Second, be sure the testing is relevant, including whether it has been conducted against the current version of the vendor’s software and not merely on drives that were first certified for SSD erasure more than two years ago.
About the Author
As the Director of Product Development, Matt Mickelson is responsible for development of ITRenew’s data sanitization product line. This includes Teraware, an enterprise-grade data sanitization and asset management software platform, and Terabot, a line of do-it-yourself data erasing machines that are powered by Teraware software. The center’s core charter is to intimately understand – and stay ahead of – the various technologies that storage manufacturers develop and customers deploy in order to ensure compatibility with Teraware data center decommissioning.