Submission + - Data Remanence Solutions 3
MightyMartian writes: The company I work for has just had their government contract renewed, which is good news, giving me several more years of near-guaranteed employment!
However, in going through all the schedules and supplementary documents related to the old contract, which we will begin winding down next spring, we've discovered some pretty stiff data remanence requirements that, for hard drives at least, boil down to "they must be sent to an appropriately recognized facility for destruction."
Now keep in mind that we are the same organization that has been delivering this contract all along, so the equipment isn't going anywhere. What's more, destruction of hard drives means we have to buy new ones, which is going to cost us a lot of money, particular with prices being so high.
I've looked at using encryption as a means of destroying data, in that if you encrypt a drive or a set of files with an appropriately long and complex key, and then destroy all copies of that key, that data effectively is destroyed. I'd like to write up a report to submit to our government contract managers, and would be interested if any Slashdotters have experience with this, or have any references or citations to academic or industry papers on dealing with data remanence without destroying physical media.
However, in going through all the schedules and supplementary documents related to the old contract, which we will begin winding down next spring, we've discovered some pretty stiff data remanence requirements that, for hard drives at least, boil down to "they must be sent to an appropriately recognized facility for destruction."
Now keep in mind that we are the same organization that has been delivering this contract all along, so the equipment isn't going anywhere. What's more, destruction of hard drives means we have to buy new ones, which is going to cost us a lot of money, particular with prices being so high.
I've looked at using encryption as a means of destroying data, in that if you encrypt a drive or a set of files with an appropriately long and complex key, and then destroy all copies of that key, that data effectively is destroyed. I'd like to write up a report to submit to our government contract managers, and would be interested if any Slashdotters have experience with this, or have any references or citations to academic or industry papers on dealing with data remanence without destroying physical media.
Certification? (Score:1)
Dunno about the encryption, but sounds like you need to get your company / site certified as an "appropriately recognized facility".
What about bad sectors? (Score:2)
Not all of the rules for handling the data may make sense to you but whatever encryption you use may possibly be broken at some point. I don't know what the data is, but some data is to be protected forever. If the drives are not destroyed, you now have to monitor and tr
Re: (Score:2)