For any organization, data security is of prime importance. Businesses must ensure that business devices are not susceptible to a data breach, especially when such devices change hands or leave the organization. Improperly sanitized storage media, whether magnetic or flash-based storage or similar devices such as USB drives or servers, are a major security concern. Media sanitization, that is, erasing all confidential data from electronic storage media and making past data irretrievable, is a must for ensuring data confidentiality.
What is NIST 800-88?
NIST 800-88 is a document by the government of the U.S. that outlines the method for erasing data from electronic storage media. The goal is to sanitize media effectively so that any data is irretrievable once the data or the data storage device reaches end-of-life. Sanitization here refers to a process that renders access to target data on the media infeasible for a given level of effort. The document also stresses that end-of-life sanitization must be considered from the very beginning of data storage planning, so that it is easier to implement sanitization properly when it is needed.
NIST 800-88 suggests three data sanitization principles: Clear, Purge and Destroy. Which of the three to apply depends on the confidentiality categorization of the data.
Clear applies logical techniques to sanitize data in all user-addressable storage locations. It is the level of data protection equivalent to resetting the device to its factory state using the reset option in the device menu.
Purge applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques. It is a more thorough level of sanitization than Clear and is used for more confidential data.
Destroy renders target data recovery infeasible using state-of-the-art laboratory techniques and also leaves the media incapable of storing data afterward. This technique can be necessary for storage media that must be put beyond any further use.
NIST 800-88 and 42Gears for iOS
When you use the Remote Wipe option in 42Gears UEM, it uses the Apple MDM Protocol to erase all content and factory reset the device. It is the same function as using Erase All Content under Settings to reset the device. For iOS, any sanitization should fall under the Purge operation, as all current iPhones have hardware encryption turned on by default.
For Apple iPhone and iPad, NIST states: “The sanitization operation should take only minutes as Cryptographic Erase is supported. This assumes that encryption is on and that all data has been encrypted.”