Cryptographic Erasure: Moving on from Hard Drive Destruction

Updated: Apr 13, 2020

Over the years, the importance of collecting, storing and processing large amounts of data efficiently has grown. That includes keeping backups of all important information, which means the same data ends up in more places than most organisations can list.

However, the barrage of security breaches shows that the companies we have so long trusted with our privacy keep falling short when it comes to getting rid of data once it is no longer needed.

GDPR has proven effective in shaking up the security world. Its pro-consumer mandates emphasise the need to protect each consumer's personal data, and it was a wake-up call for businesses across the globe to put watertight consent management and data processing practices in place. The US followed suit with the California Consumer Privacy Act, and given the growing concern and awareness around data privacy, further laws are likely. Regulations on how data is used, on data retention time frames, and on data subjects' right to be forgotten all demand particular attention to data destruction.

Organisational hard drives are home to a wide variety of information: credit card numbers, personal details, confidential files and a lot more.

When a hard drive is no longer needed, most people simply format it and put it away, thinking their data is safe. But formatting typically rewrites only file system metadata; the data itself stays in the drive's sectors and can be recovered with ordinary forensic tools. Traditionally, the only way to be certain the data was gone was physical destruction: literally obliterating the disk.

However, in today's complex and massively distributed computing environment, with data spread across the globe or kept in some external organisation's opaque cloud, you usually cannot get your hands on the physical media at all, and deleting information you have put online becomes a tedious undertaking. This is where cryptographic erasure comes in. The data is kept encrypted at rest, and erasure consists of destroying the encryption key (on self-encrypting drives this is exposed as a native sanitize command). The encrypted data remains on the storage device, but without the key it is computationally infeasible to decrypt, which renders it unrecoverable.

Some of you might already be familiar with the term from the ISO and NIST guidelines (NIST SP 800-88 lists cryptographic erase as an accepted purge method) that recommend it as a faster and more efficient alternative to traditional data destruction. But how does it help us with data scattered across complex computing environments? First, crypto erasure does not restrict us to one key for an entire data set or drive: we can encrypt with many unique keys, per tenant, per customer or per record, at whatever granularity serves our purposes, and then erase exactly that slice by destroying its key. Second, it sidesteps much of the problem of tracking every copy of the data. Every copy of the ciphertext stays bound to its key regardless of where it is stored (in the cloud, on a hard drive you put aside years ago, or in a remote data centre), so the point of erasure is the key, provided we know where our keys are. The caveat is that this only covers data that was never written out in plaintext: logs, caches and exports made before encryption are not erased when the key goes.
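To make the two points above concrete, here is an added example (not code from the original article) of per-subject cryptographic erasure in Go using AES-256-GCM from the standard library. The `KeyVault` type is a hypothetical in-memory stand-in for a KMS or HSM; each data subject gets its own key, the subject name is bound into the ciphertext as associated data, and `CryptoErase` destroys only that subject's key. The ciphertext blobs persist, standing in for copies left on disk, in backups or in a third-party cloud, yet once the key is gone they cannot be opened, and re-enrolling the same subject later generates a fresh key that still cannot open the old blobs. The sample records are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// ErrKeyErased is returned when no key exists for a subject: whatever
// ciphertext still exists for that subject is cryptographically erased.
var ErrKeyErased = errors.New("no key for subject: data is cryptographically erased")

// KeyVault holds one AES-256 key per data subject. This is a hypothetical
// in-memory stand-in for a KMS/HSM; in production the keys live there and
// the ciphertext can live anywhere.
type KeyVault struct {
	keys map[string][]byte
}

func NewKeyVault() *KeyVault { return &KeyVault{keys: make(map[string][]byte)} }

// keyFor returns the subject's key, generating a random one on first use.
func (v *KeyVault) keyFor(subject string) ([]byte, error) {
	if k, ok := v.keys[subject]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	v.keys[subject] = k
	return k, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the subject's key. The returned blob is
// nonce || ciphertext || tag, with the subject name as associated data so a
// record cannot be silently re-attributed to another subject.
func (v *KeyVault) Encrypt(subject string, plaintext []byte) ([]byte, error) {
	k, err := v.keyFor(subject)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(subject)), nil
}

// Decrypt reverses Encrypt. After CryptoErase it returns ErrKeyErased; a blob
// sealed under a different (or since-rotated) key fails authentication.
func (v *KeyVault) Decrypt(subject string, blob []byte) ([]byte, error) {
	k, ok := v.keys[subject]
	if !ok {
		return nil, ErrKeyErased
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(subject))
}

// CryptoErase destroys the subject's key. Every copy of that subject's
// ciphertext, wherever it was replicated, is unrecoverable from this point.
// Returns false if there was no key to erase.
func (v *KeyVault) CryptoErase(subject string) bool {
	k, ok := v.keys[subject]
	if !ok {
		return false
	}
	for i := range k {
		k[i] = 0 // best-effort zeroing before dropping the reference
	}
	delete(v.keys, subject)
	return true
}

func main() {
	vault := NewKeyVault()
	// constructed sample records for two data subjects
	alice, _ := vault.Encrypt("alice", []byte("alice: account statement 2019"))
	bob, _ := vault.Encrypt("bob", []byte("bob: account statement 2019"))

	vault.CryptoErase("alice") // right-to-be-forgotten request for alice only

	_, err := vault.Decrypt("alice", alice)
	fmt.Println("alice:", err)
	pt, _ := vault.Decrypt("bob", bob)
	fmt.Println("bob:", string(pt))
}
```

Note that the blob for alice is never touched by the erase; only the vault changes. That is the whole point, and also the whole risk: a backup of the vault taken before the erase would bring alice's data back.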

However, there is no silver bullet in security, and this is no exception. For the scheme to work, all data has to be encrypted from the moment it is created, so the decision to build cryptographic erasure into a system is best taken at the early architectural design stage; retrofitting it into legacy systems is difficult and error-prone. Furthermore, as with every cryptographic system, storage and distribution of keys become the prime concern, especially with very fine-grained data partitioning schemes that require large numbers of keys. The keys also need their own destruction story: a backup of the key store taken before an erasure, or a key that was exported to another system, resurrects data you believed was gone, so key backups and key copies must be tracked as carefully as the data once was.

With stringent privacy laws in place, archaic methods of destroying data are becoming more and more impractical. Cryptographic erasure can serve as an effective and powerful tool for data destruction, so security pros need to understand its trade-offs and recognise its potential for wiping data clean wherever it lives.