the world’s premier solution for sanitizing hard drives prior to repurposing or disposal...

Post on 16-Dec-2015


THE WORLD’S PREMIER SOLUTION FOR SANITIZING HARD DRIVES

PRIOR TO REPURPOSING OR DISPOSAL

DIGITALSHREDDER PRODUCT PRESENTATION


CURRENT STATE OF AFFAIRS

Failure to properly sanitize hard drives has catastrophic consequences:

Civil and criminal penalties

Erosion of income and profits

Lost confidence of client base

Irreparable harm to reputation

5.6 Billion: Hard Drive Production from 2001 - 2011

600 Million: Hard Drives Reach end of life in 2008

2 – 3 Refreshes: Can occur during a hard drive's lifecycle

One gigabyte of data on a hard drive = Approximately one dump truck of compacted paper

Well Publicized Laws: HIPAA, FACTA, SOX, FISMA, Gramm-Leach-Bliley

Consequences of a Breach: Fines, Loss of License & Loss of Reputation

69% of Data Breach Costs are the result of lost customer business

44% OF ALL DATA BREACHES RESULT FROM LOST OR STOLEN HARD DRIVES & LAPTOPS

CURRENT STATE OF AFFAIRS

COST OF DATA BREACH

Incident Response

Source: Ponemon Institute

free or discounted services

free credit checks for five years

lost business

notifications via email, letters, web, media, etc.

legal defense

criminal investigations

legal audit and accounting fees

call center expenses

public relations/communication

internal investigations

security consultants

Average cost per record compromised in 2007:

$202

Average cost per record compromised in 2007 by Third Party:

$238

INCIDENT RESPONSE ELEMENTS

THE HARD DRIVE EPIDEMIC

Mercury & PCB in electronic circuits

Rare earth magnets – platters are aluminum coated in iron oxide and other chemicals

Materials become toxic when incinerated in landfills

Proper sanitization of digital data is much more than a Best Practice Solution,

IT’S THE LAW.

USA REGULATORY PENALTY MATRIX

Gramm-Leach-Bliley: Financial Services Modernization Act

Sarbanes-Oxley: Public Company Accounting Reform & Investor Protection Act

FACTA: Fair and Accurate Credit Transaction Act

HIPAA: Health Insurance Portability & Accountability Act

FISMA: Federal Information Security Management Act

FERPA: Family Educational Rights and Privacy Act

RCRA: Resource Conservation and Recovery Act

Directors and Officers Penalty Per Violation

$10,000 Up to $1,000,000

Termination

Institution Penalty Per Violation

$100,000 Up to $5,000,000 $11,000 $50,000 to $250,000

Agency Budget Reduction

Loss of Federal Funding

Up to $27,500 Per Day Per Violation

Years in Prison 5 to 12 Years Up to 20 Years 1 to 10 Years

FDIC Insurance Terminated

Impact on Operations Cease and Desist

Congressional Review

Loss of License

Individual Civil Fines $1,000,000 Civil Action $25,000

Up to $200,000

Institution Civil Fines 1% of Assets

Varies Per Record

SANITIZING DRIVES: MORE THAN JUST END OF LIFE

BACK OFFICE COMPUTING:

Storage transfers to a new user

Storage transfers to a new server

Maintenance

Return at end of lease

INDIVIDUAL USER NOTEBOOKS AND WORKSTATIONS:

Tech refresh or return at end of lease

Upgrading to a new computer or higher capacity drive

Completion of a new project

Cleaning a workstation for a new user

Departure of an employee from an organization

Returning a hard drive under warranty

Returning a computer under warranty

Protection from unauthorized access

A virus that is detected

Attack from a hacker

Employee turnover

EVOLUTION OF A SOLUTION

In the late 1990s, the international hard drive manufacturing community called a global summit to discuss the rapidly growing challenge of properly sanitizing hard drives.

ATTENDEES:

CHALLENGE: Develop a means of sanitizing hard drives beyond forensic reconstruction while retaining the ability to reuse the hard drive.

OUTCOME: The Hard Drive Industry collaborated with The Center for Magnetic Recording Research, under the direction of the US National Security Agency (NSA), to meet the challenge. They developed a sanitization standard called: SECURE ERASE

SOLUTION IS CONCEIVED: SECURE ERASE

SECURE ERASE

It is now part of the ATA Rev 4 Spec for all hard drives.

A destruction command that is embedded in the firmware of ATA hard drives including IDE, EIDE, PATA and SATA.

An atomic process - eradicates all user data beyond forensic reconstruction.

Up to 18 times faster than ineffective overwrite routines.

Compliant, certified standards based technology.

Implemented by global hard drive manufacturers in 2002.

Validated and certified by the International Security Community.

BIOS and Operating System developers blocked the ability to initiate Secure Erase.

In the absence of an enterprise level Secure Erase solution, billions were spent on products, processes and outsourced solutions that were not effective, scalable or failsafe.

METHODS THAT FALL SHORT

Let’s compare these methods to the CRITICAL REQUIREMENTS most often requested by IT Professionals.

Third Party Providers

Commercial Software

Degaussing Machines

Mechanical Destruction

1. Destroy data beyond forensic reconstruction.

2. Provide a single-point lifecycle solution that handles all drives.

3. Offer control of the process.

4. Deploy a scalable process providing corporate-wide compliance.

5. Give user the ability to verify erasure – “trust but verify.”

6. Embed an automated certification process that completes an audit process.

7. Provide a green solution that allows reformatting and repurposing of hard drives for reuse or the ability to recycle the drive intact.

MARKET FEEDBACK

Design input from IT Professionals and auditing firms during development

COMMERCIAL SOFTWARE

DESCRIPTION:

Replaces existing data with a set of random or repeating data

LIMITATIONS:

Does not delete data beyond forensic reconstruction

Lack of automated data logging, audit trails or certification labels

Single drive can take more than 24 hours

Ties up workstations for hours

Vulnerable to user manipulation

DEGAUSSING MACHINES

DESCRIPTION:

Disables hard drive by applying a strong magnetic field

LIMITATIONS:

Not a lifecycle management tool – end of life only

Unable to reuse drive, not a green solution

Not “office friendly”

Dangerous high level magnetic fields require special precautions

Destroys read/write head – cannot confirm data is deleted

Lack of audit trail or certification labels

Requires constant re-calibrations to ensure proper functionality

UNSAFE, INCONSISTENT, NOT CERTIFIABLE

MECHANICAL DESTRUCTION

DESCRIPTION:

Reduces hard drive into scrap metal or physically disables the media

Includes hammers, nail guns, belt sanders, and mechanical shredders

LIMITATIONS:

Not a lifecycle management tool – end of life only

Heavy, bulky and noisy equipment, not “office friendly”

Lack of automated data logging or audit trail

Unable to reuse the drive, not a green solution, toxic hazards at shredding site and landfill

Encourages stockpiling of drives, a security risk

Not a scalable solution

THIRD PARTY PROVIDERS

DESCRIPTION:

Third Party employs any of the previous methods

The service may be performed on-site, or require that the hard drives be transported to the service provider’s facility

LIMITATIONS:

Not a lifecycle management tool – end of life only

Loss of care, custody, and control

Storage problems exist between visits

Risk of loss during transit

High service and transportation costs

Retention of liability - a handoff does not absolve liability

Deploys any of the prior methods

SOLUTION IS BORN: THE DIGITALSHREDDER

[Figure: labeled view of the appliance showing Carrying Handle, 3 Drive Bays, Personality Blocks, Printer, LED Indicators, Touch Screen]

Height - 12”, Width - 8.5”, Length - 13”

Weight – 15 lbs

GREEN SOLUTION – ALLOWS REUSE OF HARD DRIVE AFTER CLEANSING!

USER FRIENDLY: NO KEYBOARD OR MOUSE

INTEGRATED SCREEN eliminates the need for keyboard and mouse, facilitates portability

Main Menu History

Administrative Login

Drive Operations

Sector Viewer

SECURED ACCESS: Password Protected

USER FRIENDLY: NO CABLES – NO CLUTTER

Quick and easy secure connections to various drive formats:

Current Support: All ATA drives including IDE, EIDE, PATA and SATA - 2.5” and 3.5” (desktop & laptop drives)

Upcoming Support: SCSI, Fiber Channel, SAS, Major Flash Media

3 Bays: multiple drives sanitized simultaneously and independently

Lock down enhances security

INSERT, LOCK DOWN, SANITIZE

USER FRIENDLY: LED INDICATORS

LED INDICATOR | DRIVE STATUS
OFF | Vacant bay, available for use
GREEN | Drive is loaded and ready, but no operation is taking place, blinks green when process is completed
RED | Process is being executed, bay is mechanically locked and password protected
ORANGE | Reformatting / imaging

BEST PRACTICES: AUTOMATED AUDIT TRAIL

PHYSICAL LABEL

Completion of an erasure process results in a printed bar code label which includes the log entry information for the hard drive

Labels can be easily scanned for error-free, automated equipment tracking

DIGITAL LOG

All Digital Shredder activity is stored in the internal log file

Log file can be exported in CSV format using the USB port

Automated log tracks the following:

Operator’s name

Date and time

Hard drive serial number

Elapsed time

Erasure process

Comparison of Data Destruction Methods

Critical Requirements | Digital Shredder | Commercial Software | Degaussing Machines | Mechanical Destruction | Third Party
Provide a single-point solution that can be used during the entire hard drive lifecycle | YES | Yes | No | No | No
Eliminate data beyond forensic reconstruction | YES | No | Uncertain | Uncertain | Uncertain
Maintain care, custody, & control throughout the process | YES | No | No | No | No
Provide an automated certification process that completes a Best Practice audit trail | YES | Uncertain | No | No | No
Deploy a scalable process providing corporate-wide compliance | YES | No | No | No | Yes
Verify drive sanitization by sector – “trust but verify” | YES | Uncertain | No | No | No
Provide a green solution that allows reformatting and repurposing of hard drives | YES | Yes | No | No | Uncertain

A CLEAR COMPETITIVE ADVANTAGE

USA GOVERNMENT COMPLIANCE

The Digital Shredder Secure Erase appliance meets and/or supports the following Department of Defense or Civilian Government guidelines concerning Information Security Practices:

NSA Information Assurance Advisory – NO. IAA 2006-2004 in Guidance to Designated Approving/Accrediting Authorities (DAA’s) regarding the Use of Software Clearing for Downgrading of Hard Disks

US Deputy Secretary of Defense Memo dated May 29, 2001; Disposition of Unclassified DoD Computer Hard Drives, by Paul Wolfowitz

US National Computer Security Center (NCSC-TG-018); Rainbow Series "Light Blue Book" A Guide to Understanding Object Reuse in Trusted Systems

US National Computer Security Center (NCSC-TG-025); Rainbow Series "Forest Green Book" A Guide to Understanding Data Remanence in Automated Information Systems

US National Institute of Standards and Technology (NIST) SP 800-88 Guidelines for Media Sanitization

National Institute of Standards and Technology (NIST) SP 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems

US Air Force System Security Instructions 5020

US Army AR380-19, AR25-1, AR25-2

US Navy Staff Office Publication (NAVSO P-5239-26)

US Navy OPNAVINST 5239.1A

COMMERCIAL CUSTOMERS

Healthcare

Education

Legal

Financial

Service Providers

Australian Department of Defence (Australian Communications – Electronic Security Instruction ACSI33)

Royal Canadian Mounted Police Lead Agency Publication B2-001

UK-HMG Infosec Standard 5 {IS5} & CESG Information Assurance Manual S

United States National Institute for Standards & Technology Special Publication 800-88

CLEAR: Commercial Software. Level of security: protection against keyboard attack

PURGE: Secure Erase, Degaussers. Level of security: protection against laboratory attack. Secure Erase is a high level of protection because you can validate the data is gone beyond forensic reconstruction & reuse the hard drive

DESTRUCTION: Disintegration, Incineration, Pulverizing, or Melting. Level of security: protection against laboratory attack

GOVERNMENT COMPLIANCE

DIGITALSHREDDER

The World’s Premier Solution for Sanitizing Hard Drives Prior to Repurposing or Disposal.
