2.15 Unauthorized User Access Part 10: Removing Data Remnants

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
9 hours 48 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
all right. As we continue on talking about data through the data security life cycle, the final phase of the data security life cycle, we talk about disposal.
00:10
And when we're disposing of devices, we have to think about what data is on. Those devices were disposing of drives regardless of those hard drives, thumb drives, whatever. And I know a lot of places don't allow thumb Drive's been a lot of places do
00:26
clearing remnants of data
00:29
now, ideally, or I'm hoping it goes without saying that if you've got top secret or highly classified, sensitive information, you're just not gonna reuse the device at all. Physical destruction is the one way you could ensure there no remnants of death. And we're talking about a thorough physical destruction,
00:47
talking about incineration, talking about shredding.
00:51
We're talking about ensuring that device is physically destroyed along with all the data.
00:57
Um, however, if we want to use that device again, we might use something called Override. A lot of times we call that clearing the drive and what we're doing. There's we're overriding the contents with zeroes or ones or combination of both,
01:11
but ultimately were overriding the existing data again and again and again
01:18
that's not as thorough as physical destruction. It's been shown that with the right equipment, data can still be retrieved. Even if the disk is serialized Now, that doesn't mean my neighbor's gonna be able to do it to get my recipe for lasagna. But
01:34
given the right equipment given high enough value, an electron microscope was used to retrieve data that had been serialized on a drive 16 times. So that's pretty,
01:46
um, purging,
01:49
rendering the media unusable by normal means. Usually what we're referring to with that is D counsel. But the thing about de Gaulle sings, that's only relevant with magnetic media, Right? We're getting away from magnetic media,
02:02
so the gassing does. It takes that magnetic card drive and exposes it to a very strong magnet. Gets rid of the cylinders,
02:09
the tracks and sectors. So not only have I got rid of the data, but I've gotten rid of the functionality of the device.
02:19
But again,
02:20
physical destruction is the only way to be sure,
02:24
and the problem with all of these is they all are fine, but you can't do any of them for data stored on the cloud. I don't get to show up and say, Hey, can I have that car drive and erase it? Zero eyes it.
02:37
So the best we can do with that and stored in the cloud is crypto shredded
02:42
and crypto shredding will be where we take a strong, publicly known algorithm. Remember, we talked about why that was significant. A strong, publicly known algorithm. We encrypt the data and we destroy the keep.
02:55
So when we're looking at a situation where I don't have physical access of the drive, that's the best we can do. And we remember we don't ever store the key on the same volume. It's the data we like those publicly known algorithms, and we make sure that we physically destroy the key.
03:15
So disposing of data, the final step of the data security lifecycle thes air three ways in which you could do it, actually, four ways in which you can do it
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By