Understanding Memory and Data Remanence
Data remanence refers to the residue of digital data that remains in a computer or storage medium even after attempts have been made to erase it. It is a critical concept in cybersecurity. There are a number of reasons it can occur, including but not limited to: data remaining on the medium after a nominal file deletion, reformatting of storage media that does not remove data previously written to it, and physical properties of the storage media that allow recovery of data previously written.
Example: Consider a bank replacing its old servers with new ones. If the hard drives are not wiped properly, customers' personal information, including social security numbers and financial records, may be accessed by an unauthorized party. In a recent data breach, a company's failure to erase data from its old drives led to thousands of customer records being compromised.
Data Remanence
Data remanence is regarded as a significant risk for organizations: when storage media is released into an uncontrolled environment, for instance when devices are discarded or lost, accidental disclosure may occur. This is a serious problem for any business handling a considerable number of second-hand devices, since simply deleting a file is not sufficient to guarantee that sensitive data is unrecoverable.
Memory
In the context of memory, remanence refers to data that remains in memory after it should have been gone. It has been observed that even after power was removed and the memory had been erased, previous contents could still be retrieved from SRAM and DRAM. SRAM has been shown to retain state at room temperature, and DRAM retains information for several seconds to minutes at room temperature and for up to a full week without refresh when cooled with liquid nitrogen. This property can be exploited by cold boot attacks, which recover cryptographic keys that were previously held in memory. A number of techniques have been developed to reduce the risk of data remanence in memory, including:
- Overwriting: Stored data is overwritten with random ones and zeros so that any residual information is unreadable. This removes the remanent data and allows devices to be reused safely.
- Encryption: Data is encoded so that it cannot be read without the key. Encryption does not remove data from the storage device, but it makes any residual data useless to anyone who does not hold the key, adding a further layer of protection against data remanence.
- Shredding: Storage devices are physically destroyed so that all data is completely removed and irrecoverable. Industrial shredding services can track the destruction process from start to finish, verifying that the data has been eliminated.
- Degaussing: A strong magnetic field is applied to magnetic storage media such as hard drives and tapes to erase them. It is very effective at eliminating data remanence and prepares devices for either secure disposal or reuse.
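The overwriting technique above, applied to memory rather than disk, is what key zeroization does: a secret is generated into a buffer the program can scrub, used, and wiped in place so that it does not linger for a cold boot or memory dump to find. The following Python example is added here and is not code from the original page. It assumes a POSIX system (it reads /dev/urandom) and uses a constructed key length and a constructed stand-in for "work done with the key"; the function names are my own.

```python
import ctypes

KEY_LEN = 32  # constructed example: a 256-bit symmetric key


def make_key() -> bytearray:
    """Generate key material straight into a mutable bytearray.

    Reading from /dev/urandom with readinto() avoids creating an immutable
    bytes copy of the key, which could never be scrubbed. Assumes POSIX.
    """
    key = bytearray(KEY_LEN)
    mv = memoryview(key)
    try:
        with open("/dev/urandom", "rb", buffering=0) as rng:
            filled = 0
            while filled < KEY_LEN:            # readinto may return short reads
                n = rng.readinto(mv[filled:])
                if not n:
                    raise OSError("urandom returned no data")
                filled += n
    finally:
        mv.release()                           # drop the buffer export
    return key


def zeroize(buf: bytearray) -> None:
    """Overwrite every byte of buf in place with zeros.

    ctypes.memset writes straight into the bytearray's backing store, so the
    secret is gone from that allocation. A Python loop assigning buf[i] = 0
    would also work, just more slowly.
    """
    n = len(buf)
    if n == 0:
        return
    view = (ctypes.c_char * n).from_buffer(buf)  # aliases buf, no copy made
    ctypes.memset(ctypes.addressof(view), 0, n)
    del view                                     # release the buffer export


def is_zeroed(buf) -> bool:
    return all(b == 0 for b in buf)


def copy_survives_zeroize() -> bool:
    """The pitfall: any copy taken before the scrub still holds the secret.

    Returns True when the immutable copy retains the key after the original
    buffer has been zeroized, which is exactly what happens.
    """
    key = make_key()
    leaked_copy = bytes(key)   # e.g. handed to an API that insists on bytes
    zeroize(key)
    return is_zeroed(key) and not is_zeroed(leaked_copy)


def use_key_once(payload: bytes) -> int:
    """Generate, use, scrub: the finally block wipes the key even if the work
    raises. The 'work' is a constructed stand-in, not real cryptography."""
    key = make_key()
    try:
        return sum(p ^ k for p, k in zip(payload, key)) % 256
    finally:
        zeroize(key)


if __name__ == "__main__":
    print("copy survives zeroize:", copy_survives_zeroize())
    print("result:", use_key_once(b"constructed payload"))
```

The `copy_survives_zeroize` check is the point practitioners most often miss: scrubbing the buffer you own does nothing for copies made by slicing, by `bytes()` conversion, or by a library that keeps its own reference, so key-handling code should hand out the mutable buffer (or a `memoryview` of it) rather than copies wherever the API allows.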
Scenario
Consider a healthcare organization that must dispose of now-obsolete medical devices storing patient records. Shredding and degaussing would ensure that no recoverable patient information remains on the retired devices, keeping the process compliant with regulations such as HIPAA.
To address data remanence, a number of standards and guidelines have been developed, including NIST Special Publication 800-88, “Guidelines for Media Sanitization”. These standards describe recommended practices for clearing, purging, and destroying data with the aim of mitigating the risks associated with data remanence.
Effective Methods of Data Destruction
Data destruction refers to the various ways of irrecoverably destroying data on its media carriers so that it is unavailable for unauthorized access and misuse. Proper data destruction helps an organization stay compliant, protect its brand, and avert data leakage incidents. Several methods of data destruction are available, each with its own advantages and disadvantages:
Overwriting
Overwriting is a non-invasive process in which random ones and zeros replace the stored data, rendering any residual information useless. It allows organizations to safely reuse devices and is comparatively inexpensive. However, overwriting may be ineffective if not done properly, and some data may still be missed.
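A minimal overwrite routine with a read-back verification step, added here as an example and not code from the original page, shows both halves of the method: the passes of random data followed by a zero pass, and the check that the known sensitive content no longer appears. It assumes a POSIX filesystem and uses a constructed CSV export with a constructed marker string; the function names are my own.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write and read in 64 KiB blocks so large files need little RAM


def overwrite_file(path: str, random_passes: int = 2) -> int:
    """Overwrite every byte of the file in place.

    `random_passes` passes of CSPRNG data are followed by one pass of zeros.
    Each pass is flushed and fsync'd so the writes reach the device instead
    of sitting in the page cache. Returns the number of bytes per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pass_no in range(random_passes + 1):
            final = pass_no == random_passes
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(bytes(n) if final else secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    return size


def file_contains(path: str, marker: bytes) -> bool:
    """Chunked search that keeps a tail so markers straddling chunks are found."""
    tail = b""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return False
            if marker in tail + chunk:
                return True
            tail = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""


def is_all_zero(path: str) -> bool:
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return False
    return True


def demo() -> dict:
    """Create a constructed export with sensitive rows, wipe it, verify, remove."""
    marker = b"SSN=123-45-6789"                # constructed sensitive value
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "customer_export.csv")
        with open(path, "wb") as f:
            f.write(b"name,ssn\n" + (b"alice," + marker + b"\n") * 5000)
        before = file_contains(path, marker)   # True: data is present
        written = overwrite_file(path)
        after = file_contains(path, marker)    # False: marker gone
        zeroed = is_all_zero(path)             # True: final pass was zeros
        os.remove(path)                        # unlink only after the scrub
        return {"before": before, "after": after, "zeroed": zeroed,
                "bytes_per_pass": written, "removed": not os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```

The verification only proves the logical file extent now reads as zeros. It says nothing about copies the overwrite never reached: sectors an SSD's wear-levelling remapped, old extents on a copy-on-write or journaling filesystem, snapshots and backups, or blocks the drive retired as bad. That is why NIST SP 800-88 counts in-place overwriting as a "clear" technique and reserves "purge" for device-level sanitize commands or cryptographic erase, which is the practical meaning of "some data may still be missed" above.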
Degaussing
Degaussing applies a strong magnetic field that wipes data from magnetic storage media such as hard drives and tapes. The procedure is highly effective at erasing remanence, and most organizations combine it with other data destruction methods. Degaussing is particularly helpful for organizations that retire magnetic storage media in bulk quantities.
Destruction
Physical destruction is the most secure approach to data destruction, since recovery cannot occur by any means. It renders storage devices unusable through shredding, crushing, or melting. While physical destruction guarantees the irrecoverability of the data, it may not be practical for all organizations because it can be costly and time-consuming.
Shredding
Shredding is a form of physical destruction in which storage devices are cut into small pieces, completely destroying the data. As a rule of thumb, employing an industrial shredding service gives a secure and reliable way to destroy sensitive data: all data is irretrievably removed and the destruction process is properly documented.
Determining Appropriate Data Security Controls
Determining appropriate data security controls is a critical process in protecting sensitive information and reducing the risks associated with data remanence. The organization considers several factors, including data sensitivity, the regulations that may apply, and the impact a data breach would cause.
Certification and Accreditation
Accreditation and certification are the processes that give legitimacy to an organization's data security controls. To this end, organizations seek certification from an independent third party. Examples are certification against the Payment Card Industry Data Security Standard for credit card data, or against the Health Insurance Portability and Accountability Act for healthcare data.
Standards and Control Frameworks
The development of standards and control frameworks is important in giving organizations guidelines on effective data security controls. Those worth mentioning include, but are not limited to, the following:
- NIST Special Publication 800-53: Guides the selection and specification of security controls for federal information systems and organizations.
- ISO/IEC 27001: Specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system.
- COBIT: A framework for the governance and management of enterprise IT that helps an organization meet its business and IT objectives.
- ITIL: An IT service management framework that provides best practices for delivering IT services.
Scoping and Tailoring
Scoping and tailoring security controls means selecting and adapting them to fit the needs and requirements of an organization. An organization takes into consideration the type of data it handles, its size, and the resources available for implementing the controls.
Data States
Data can exist in three different states: at rest, in transit, and in use. Each state calls for a different kind of security control to combat the threat of data remanence, along with other security threats.
- Data at Rest: Data is stored on physical storage media; it can range from hard drives and tapes to cloud storage. Security controls for data at rest will encompass encryption, access controls, and the secure methods for the deletion of
- Data in transit: Data being transmitted over a network, including but not limited to email and file transfers. Examples of security controls for data in transit include encryption, secure protocols, and firewalls.
- Data in use: Data being processed by an application or system at that moment. Examples of security controls for data in use include access control, activity logging and monitoring, and secure coding.
Applying the appropriate security controls to each state of data enables organizations to minimize the risk of data remanence and protect sensitive information.
Scenario
Consider a retail company processing credit card transactions online. To protect customer data, it should encrypt data in transit, apply access controls to data at rest, and audit regularly to ensure compliance with the PCI DSS standard. Together these form a holistic approach to reducing the probability of data leakage.
Conclusion
Data remanence has become an important threat for organizations handling sensitive information. Understanding data remanence and its associated risks puts an organization ahead in taking proactive steps to protect data and maintain regulatory compliance. This includes planning effective data destruction methods, determining appropriate data security controls, and understanding the different data states and the security controls each calls for. By following best practices and leveraging the available standards and frameworks, organizations minimize the risk of data remanence and protect sensitive information.