We have had a number of inquiries from our customers and partners regarding cryptographic erase lately, so I decided to do a little research and make it the subject of my blog for this month.
I had a look at a White Paper on our web site from January 2011, “Reduce the Total Cost of Ownership of Laptops and Desktops; Effective end-of-life drive sanitization and disposal”, and was pleased to see that it is still relevant. Despite the title, it is mostly about crypto erase. It states that at the time, “Regulatory agencies and encryption professionals are currently studying crypto erase as a potential sanitization method of future updates to publications like NIST SP 800‐88.” That led me to this NIST document, which was updated in Sept 2012. NIST SP 800-88, Guidelines for Media Sanitization, is a bit dry and technical, but what I got out of it is that NIST now sees crypto erase as a legitimate sanitization tool, given the appropriate caveats, including:
- The underlying encryption is FIPS 140 validated
- The encryption was turned on before any sensitive data was written to the media
- If there are any backups of the encryption keys, they are stored securely and separately from the crypto-erased device.
It is hard and time-consuming to sanitize gigabytes or even terabytes of data from modern drives. The main idea behind crypto erase is that if the data was properly encrypted already, then all one really has to do is wipe the encryption key and call it a day. Or as NIST puts it, “Thus, with <crypto erase>, sanitization may be performed with high assurance much faster than with other sanitization techniques.”
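The key-wipe idea and the second and third caveats can be modelled in a few lines. This is an added example, not code from the white paper, NIST, or SecureDoc; the `Drive` class, the HMAC-based stand-in cipher, and the sample records are all constructed assumptions.

```python
import hashlib, hmac, secrets

def xor_cipher(key, sector, data):
    # Stand-in for the drive's cipher (assumption): HMAC-SHA256 keystream, XORed in.
    # A real product uses FIPS 140 validated AES; same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, f"{sector}:{off}".encode(), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Drive:
    """Constructed model: raw sectors on the media plus one media encryption key."""
    def __init__(self):
        self.media = {}   # sector number -> bytes physically stored
        self.key = None   # None means encryption has not been turned on yet

    def enable_encryption(self):
        self.key = secrets.token_bytes(32)

    def write(self, sector, plaintext):
        self.media[sector] = xor_cipher(self.key, sector, plaintext) if self.key else plaintext

    def crypto_erase(self):
        # Only the key is replaced; every stored sector stays exactly as it was.
        self.key = secrets.token_bytes(32)

def recoverable(drive, keys, records):
    """Records an examiner can still read from the raw media, given the keys they hold."""
    found = set()
    for sector, raw in drive.media.items():
        views = [raw] + [xor_cipher(k, sector, raw) for k in keys]
        found.update(r for r in records if r in views)
    return found

def scenario(encrypt_first, backup_key_exposed):
    records = [b"payroll-2012.xls", b"customer-list.csv"]  # constructed sample data
    d = Drive()
    if encrypt_first:
        d.enable_encryption()
    d.write(0, records[0])
    if not encrypt_first:
        d.enable_encryption()      # turned on only after sensitive data was written
    d.write(1, records[1])
    held = [d.key] if backup_key_exposed else []  # key backup kept with the device
    d.crypto_erase()
    return recoverable(d, held + [d.key], records)

if __name__ == "__main__":
    for args in [(True, False), (False, False), (True, True)]:
        print(args, sorted(scenario(*args)))
```

Only the first scenario leaves nothing readable: data written before encryption was enabled survives the erase in the clear, and an exposed key backup undoes the erase entirely.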
It is worth noting that SecureDoc has supported crypto erase for many years now for both software encryption and self-encrypting drives. This includes a feature where the SES (SecureDoc Encryption Server) administrator can send a crypto erase command to a remote SecureDoc protected client machine, and then record the action in the SES database for compliance reasons.