1.18 Removing Data Remnants

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 48 minutes
Video Transcription
all right. As long as we're continuing our discussion on data, what do we do when we're done with it? All right. We can't just say, uh, I'm done with all that classified information. Think I'll go work on something else, That right. We have to take care and make sure that that information is protected
even if we no longer use it, even if we have no plans to use it in the future.
obviously, we need to follow whatever company policy is, and most organizations will have an archival policy. All right, so you're done with it. We're gonna store it for a year, perhaps, just in case we need to retreat. Right. Email messages. Uh,
whatever the contents might be, that might be a data retention policy, but any rate, at some point in time, we've determined that this isn't necessary. So, what do we do with the death? Well, we need to remove it. We need to get rid of it.
and the degree that we remove the remnants again is driven by the value of what we're protected. So if we're looking at, um, clearing that this is overriding.
I've got a disc and I'm gonna overwrite zeroes or ones or ones and zeroes and random pattern. But I'm gonna overwrite that disc again and again and again and again and again,
and that provides a decent degree of removing remnants of data and buy a decent degree. What I mean by that is no one's gonna be able to retrieve that data using common methods. Nobody's just going to go
un delete were right click Retrieve. It's not Come back. It's gonna take some effort.
Once you theorized a disc 345 times, you need high end expensive equipment electron microscope, perhaps to retrieve anything, Right? So that's certainly find to keep my neighbor out of my grocery store, Bill. Right, That's fine.
But for higher end needs purging. So we're not just gonna with purging. We're not just gonna render the data inaccessible easily. We're going to render the data and the device
uneasily accessible. And by that, think about something like if you're familiar with working with magnetic disks D grousing, I'm gonna expose that drive, tow a high powered magnet. It's gonna get rid of the cylinders and the tracks on the disk itself
that is gone. Cylinders gone device is gone now. The reality is is you can still get a drive back that's been de gassed. It requires a process called the low level format, and that takes a long, long time.
But if the value of the data is great enough, I'm willing to do what it takes. So for data that's highly classified secret top secret, we can't reuse that media. The only option when we're done with the Gather is physical destruction. And I mean
true physical destruction, incineration, shredding
whatever method the organization is deemed fit, but it has to be physically destroyed. So the problem with all that, that's all great. But what about in the cloud? I don't get to override my cloud service providers discs with zero. I certainly don't get physically destroy them.
so in the event of information stored on the cloud, we have to do the best we came. And the technique that we use is called crypto shredded
and crypto shredding is going to involved encrypting the data
with a strong, publicly known algorithm. And that's important. I'll explain that in a minute, but we're gonna encrypt that data with that algorithm and then we're gonna destroy the keep
that script of shredding. So you're encrypting it with a really strong algorithm and you're making sure that the key can't be determined. A. I S C Square is a big fan of standards,
and even though there are many different algorithms out there to be used for cryptography, that our proprietary I s C Square and most of the crypto community says no
open algorithms, air best open openness invites pure of you and allows us all to enhance this product and make it better. So we like openness. And when in doubt, on most of the certification exams, air on the side of it should be a
publicly known
now with the removal was sanitizing the media, which what we look that you know the same idea. We might want to migrate the data
first. You know, if we're gonna use the data, just move it somewhere else. We could migrate first, then destroy the media. But the bottom line is, when we're talking about migration, things like vendor lock in will make that very difficult.
So, as part of our service level agreement with their cloud service provider, we have to know What do we do with our data when we're done? How do I take my toys and go home? How do I remove my gather from your servers and, uh, and migrate over to a different server different environment
that needs to be spelled out clearly.
Otherwise, we get caught with that single provider.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By