Net Zeros and Ones - How Data Erasure Promotes Sustainability, Privacy, and Security

Read more

Design, implement, and integrate a complete data sanitization program
 
In Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security, a well-rounded team of accomplished industry veterans delivers a comprehensive guide to managing permanent and sustainable data erasure while complying with regulatory, legal, and industry requirements. In the book, you'll discover the why, how, and when of data sanitization, including why it is a crucial component in achieving circularity within IT operations. You will also learn about future-proofing yourself against security breaches and data leaks involving your most sensitive information--all while being served entertaining industry anecdotes and commentary from leading industry personalities.
 
The authors also discuss:
 
Several new standards on data erasure, including the soon-to-be published standards by the IEEE and ISO
 
How data sanitization strengthens a sustainability or Environmental, Social, and Governance (ESG) program
 
How to adhere to data retention policies, litigation holds, and regulatory frameworks that require certain data to be retained for specific timeframes
 
An ideal resource for ESG, data protection, and privacy professionals, Net Zeros and Ones will also earn a place in the libraries of application developers and IT asset managers seeking a one-stop explanation of how data erasure fits into their data and asset management programs.

List of contents

Foreword xv
 
Introduction xix
 
Chapter 1 End of Life for Data 1
 
1.1 Growth of Data 3
 
1.2 Managing Data 4
 
1.2.1 Discovery 4
 
1.2.2 Classification 5
 
1.2.3 Risk 6
 
1.3 Data Loss 6
 
1.3.1 Accidental 7
 
1.3.2 Theft 7
 
1.3.3 Dumpster Diving 9
 
1.4 Encryption 9
 
1.5 Data Discovery 9
 
1.6 Regulations 10
 
1.7 Security 10
 
1.8 Legal Discovery 11
 
1.9 Data Sanitization 12
 
1.10 Ecological and Economic Considerations 13
 
1.10.1 Ecological 13
 
1.10.2 Economic 13
 
1.11 Summary: Proactive Risk Reduction and Reactive End of Life 14
 
Chapter 2 Where Are We, and How Did We Get Here? 15
 
2.1 Digital Data Storage 16
 
2.2 Erasing Magnetic Media 17
 
2.3 History of Data Erasure 17
 
2.3.1 The Beginnings of Commercial Data Erasure 19
 
2.3.2 Darik's Boot and Nuke (DBAN) 19
 
2.4 Summary 21
 
Chapter 3 Data Sanitization Technology 23
 
3.1 Shredding 24
 
3.2 Degaussing 24
 
3.3 Overwriting 25
 
3.4 Crypto- Erase 27
 
3.5 Erasing Solid- State Drives 28
 
3.6 Bad Blocks 29
 
3.7 Data Forensics 29
 
3.8 Summary 31
 
Chapter 4 Information Lifecycle Management 33
 
4.1 Information Lifecycle Management vs. Data Lifecycle Management 33
 
4.2 Information Lifecycle Management 34
 
4.2.1 Lifecycle Stages 34
 
4.3 Data Security Lifecycle 35
 
4.3.1 Stages for Data Security Lifecycle 36
 
4.4 Data Hygiene 36
 
4.5 Data Sanitization 37
 
4.5.1 Physical Destruction 37
 
4.5.2 Cryptographic Erasure 37
 
4.5.3 Data Erasure 38
 
4.6 Summary 39
 
Chapter 5 Regulatory Requirements 41
 
5.1 Frameworks 42
 
5.1.1 NIST Cybersecurity Framework Applied to Data 42
 
5.2 Regulations 43
 
5.2.1 GDPR 44
 
5.2.1.1 The Right to Erasure 45
 
5.2.1.2 Data Retention 51
 
5.2.2 HIPAA Security Rule Subpart c 53
 
5.2.3 PCI DSS V3.2 Payment Card Industry Requirements 56
 
5.2.4 Sarbanes-Oxley 58
 
5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations 59
 
5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 500 59
 
5.2.7 Philippines Data Privacy Act 2012 60
 
5.2.8 Singapore Personal Data Protection Act 2012 61
 
5.2.9 Gramm-Leach-Bliley Act 61
 
5.3 Standards 62
 
5.3.1 ISO 27000 and Family 62
 
5.3.2 NIST SP 800- 88 63
 
5.4 Summary 65
 
Chapter 6 New Standards 67
 
6.1 IEEE P2883 Draft Standard for Sanitizing Storage 68
 
6.1.1 Data Sanitization 68
 
6.1.2 Storage Sanitization 68
 
6.1.3 Media Sanitization 68
 
6.1.4 Clear 69
 
6.1.5 Purge 69
 
6.1.6 Destruct 69
 
6.2 Updated ISO/IEC CD 27040 Information Technology Security Techniques-- Storage Security 70
 
6.3 Summary 71
 
Chapter 7 Asset Lifecycle Management 73
 
7.1 Data Sanitization Program 73
 
7.2 Laptops and Desktops 74
 
7.3 Servers and Network Gear 76
 
7.3.1 Edge Computing 78
 
7.4 Mobile Devices 79
 
7.4.1 Crypto- Erase 80
 
7.4.2 Mobile Phone Processing 80
 
7.4.3 Enterprise Data Erasure for Mobile Devices 81
 
7.4.3.1 Bring Your Own Device 81
 
7.4.3.2 Corporate- Issued Devices 81
 
7.5 Internet of Things: Unconventional Computing Devices 82
 
7.5.1 Printers a

About the author

RICHARD STIENNON is a renowned cybersecurity industry analyst. He has held executive roles with Gartner, Webroot Software, Fortinet, and Blancco Technology Group. He was a member of the Technical Advisory Committee of the Responsible Recycling standard. RUSS B. ERNST has over twenty years' experience in product strategy and management and is frequently sought for comment on issues related to data security in the circular economy. As Chief Technology Officer at Blancco Technology Group, he is responsible for defining, driving and executing the product strategy across the entire Blancco data erasure and device diagnostics product suite. FREDRIK FORSLUND has over 20 years' experience in the data sanitization industry. He is the Director of the International Data Sanitization Consortium (IDSC) and is a sought-after speaker on topics related to IT security and data protection.