Data Maintenance

Data maintenance refers to the ongoing efforts to maintain the data's confidentiality, integrity, and availability (CIA triad) throughout its life cycle.

Data maintenance efforts include ongoing organization and regular checks to keep the data in good health. The ongoing correction and verification of data are essential to ensure that data remains accurate, complete, accessible, and usable for its intended purposes.

Data maintenance is a lot like brushing your teeth. We brush our teeth at least twice a day to stop decay from taking hold. If we didn't, the sugar that we consume would gnaw away at the enamel and cause rot to set in.

**Example**

A financial system runs nightly integrity checks on transaction logs to ensure no corruption occurs, similar to daily brushing preventing decay.

```text
[Daily Maintenance Tasks]
        |
        v
[Validation + Monitoring + Correction]
        |
        v
[Healthy, Reliable Data]
```
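One way the nightly integrity check in the example above could work, shown as an added sketch that is not part of the original page: each log record gets a chained HMAC-SHA256 tag when it is written, and the nightly job recomputes the chain to find the first record that no longer matches. The log lines, key, and function names are constructed for illustration; the key is assumed to be stored separately from the log.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample data (not from a real system).
KEY = b"constructed-demo-key"  # assumption: kept apart from the log itself
LOG = [
    "2024-03-01T23:58:10Z acct=1001 debit 250.00",
    "2024-03-01T23:58:44Z acct=2002 credit 250.00",
    "2024-03-01T23:59:02Z acct=1001 fee 1.50",
]


def _tag(key, prev, record):
    # Each tag covers the previous tag, so reordering or deletion is detected too.
    return hmac.new(key, prev + record.encode(), hashlib.sha256).digest()


def seal(records, key):
    """Run at write time: one chained HMAC-SHA256 tag per record."""
    tags, prev = [], GENESIS
    for rec in records:
        prev = _tag(key, prev, rec)
        tags.append(prev)
    return tags


def nightly_check(records, tags, key):
    """Return the index of the first record that fails, or None if all pass."""
    prev = GENESIS
    for i, (rec, tag) in enumerate(zip(records, tags)):
        expected = _tag(key, prev, rec)
        if not hmac.compare_digest(expected, tag):
            return i
        prev = expected
    if len(records) != len(tags):
        return min(len(records), len(tags))  # truncated or extended log
    return None


if __name__ == "__main__":
    tags = seal(LOG, KEY)
    damaged = LOG.copy()
    damaged[1] = damaged[1].replace("250.00", "950.00")  # simulated corruption
    print(nightly_check(LOG, tags, KEY), nightly_check(damaged, tags, KEY))
```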


**Data Cleansing**

Data cleansing is the process in which the data that is incomplete, incorrect, improperly formatted, duplicated, or irrelevant is either removed or updated. Data intensive industries such as banking, insurance, retail, telecommunications, and transportation generally use data cleansing tools to examine data for flaws. Having clean data will ultimately increase overall productivity and allow for the highest quality information in decision making.

**Example**

A telecom company removes duplicate customer records and fixes invalid phone numbers before billing cycles to avoid revenue leakage.

```text
Raw Data ---> [Cleansing Process] ---> Clean Data
             (Fix | Remove | Normalize)
```
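The fix, remove, and normalize steps applied to the telecom example, as an added sketch that is not part of the original page. It assumes 10-digit North American numbers with country code 1; the records, field names, and function names are constructed for illustration.

```python
import re

# Constructed sample records (555-01xx numbers are reserved for fiction).
RAW = [
    {"name": "alice  SMITH", "phone": "(555) 010-1234"},
    {"name": "Alice Smith", "phone": "555.010.1234"},     # duplicate of the first
    {"name": "Bob Jones", "phone": "12345"},              # unrepairable number
    {"name": "", "phone": "555-010-9999"},                # incomplete record
    {"name": "Carol Diaz", "phone": "+1 555 010 7777"},
]


def normalize_phone(raw, country_code="1"):
    """Return '+<digits>' for a repairable number, or None if it is invalid."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 10:
        digits = country_code + digits
    if len(digits) == 11 and digits.startswith(country_code):
        return "+" + digits
    return None


def cleanse(rows):
    """Fix, remove, normalize. Returns (clean_rows, rejected_rows)."""
    clean, rejected, seen = [], [], set()
    for row in rows:
        name = " ".join(row.get("name", "").split()).title()  # fix spacing and case
        phone = normalize_phone(row.get("phone"))
        if not name or phone is None:
            rejected.append(row)  # kept for manual review, not silently dropped
            continue
        key = (name.lower(), phone)
        if key in seen:
            continue  # remove duplicate
        seen.add(key)
        clean.append({"name": name, "phone": phone})
    return clean, rejected


if __name__ == "__main__":
    clean, rejected = cleanse(RAW)
    print(clean, len(rejected))
```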


**Data Remanence**

Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. Data remanence usually occurs when data destruction efforts are inadequate to prevent the reconstruction of the data. If the media contains sensitive or confidential data, we must reduce the risk of data remnants to an acceptable level.

**Example**

Deleting a confidential file from a laptop does not fully remove it; forensic tools can still reconstruct it if proper sanitization is not applied.

```text
[Delete Operation]
        |
        v
[Residual Data Exists]
        |
        v
[Potential Recovery Risk]
```


**Countermeasures to Prevent Data Remnants**

Let us discuss the various countermeasures to prevent the risk of data remnants.

**Overwriting**

Overwriting the storage media is a common method used to counter data remnants by replacing actual data with zeros or random characters. The Department of Defense (DoD) sanitization method is one of the most common sanitization methods used in data destruction software. This method writes to all addressable hard drive locations with binary zeros, then with binary ones, and finally with a random bit pattern. It must then be followed by the verification process. This three-pass procedure is designed to prevent data from being recovered by commercially available techniques. Today, this method is readily available as a data wiping option, but it has been superseded by other data sanitization standards. As a result, the Department of Defense no longer references it as a method for secure hard disk drive erasure.

**Example**

An organization wipes employee laptops before resale using multi-pass overwrite software.

```text
Pass 1: 00000000
Pass 2: 11111111
Pass 3: 10101010
Verification ✔
```
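The three passes and the verification step described above, applied to a single file, as an added sketch that is not part of the original page and not any wiping product's code. Function names and the sample file are constructed; it assumes a filesystem that rewrites blocks in place.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024
PASSES = (b"\x00", b"\xff", None)  # zeros, ones, random (None -> os.urandom)


def _write_and_verify(f, size, pattern):
    """Write one pass over the whole file, then read it back and compare digests."""
    f.seek(0)
    wrote, left = hashlib.sha256(), size
    while left:
        n = min(CHUNK, left)
        block = os.urandom(n) if pattern is None else pattern * n
        f.write(block)
        wrote.update(block)
        left -= n
    f.flush()
    os.fsync(f.fileno())  # push this pass to the device before the next one
    f.seek(0)
    read = hashlib.sha256()
    while chunk := f.read(CHUNK):  # read-back may be served from the OS cache
        read.update(chunk)
    return wrote.digest() == read.digest()


def overwrite_file(path):
    """Three-pass overwrite in place. Returns True only if every pass verified."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        return all(_write_and_verify(f, size, p) for p in PASSES)


def demo():
    """Constructed sample: returns (verified, size_kept, secret_gone)."""
    secret = b"acct=1001 pin=0000 (constructed sample)\n" * 500
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(secret)
        ok = overwrite_file(path)
        with open(path, "rb") as f:
            after = f.read()
        return ok, len(after) == len(secret), secret[:20] not in after
    finally:
        os.remove(path)
```

On solid-state drives and on copy-on-write or journaling filesystems, a file-level overwrite may land on different physical blocks than the original data, so whole-device sanitization is still needed for media leaving the organization.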


**Degaussing**

Degaussing involves using a strong external magnetic field that erases the magnetic field used to store data on hard disk drives and magnetic tapes. For modern hard disk drives and some tape drives, degaussing renders the magnetic media completely unusable and damages the storage system. It is important to remember that degaussing effectively erases data stored on magnetic media, but it does not affect optical CDs, DVDs, or solid-state drives. Solid-state drives are flash-based and do not use a magnetic field to store data, so degaussing is ineffective on them.

**Example**

A backup facility uses degaussing machines to destroy old magnetic tapes containing archived customer data.

```text
Magnetic Media ---> [Strong Magnetic Field] ---> Data Erased + Device Damaged
```


**Cryptoshredding**

Cryptoshredding, also known as cryptographic erasure, is the practice of deleting encrypted data by deliberately deleting or overwriting the encryption keys. Even if the key is stored on the media, it may be easier or quicker to overwrite just the key instead of overwriting the entire disk. Encryption may be done on a file-by-file basis or for the whole disk. If the data is not adequately encrypted, it is possible to decrypt the data without the key through a brute-force attack. Additionally, if someone discovers a backup key, they can still access the data. When using cloud storage, cryptoshredding by erasing the keys may be the only form of secure deletion available to an organization.

**Example**

A cloud provider deletes encryption keys when a customer requests account deletion, making stored data permanently inaccessible.

```text
Encrypted Data + Key ---> Accessible
Encrypted Data - Key ---> Unusable
```
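The backup-key caveat above, as an added sketch that is not part of the original page or any provider's code: shredding only the primary key leaves the data readable, while shredding every copy does not. `KeyStore`, the customer id, and the record are hypothetical, and the cipher is a standard-library stand-in (an HMAC-SHA256 counter keystream) used only so the example runs offline.

```python
import hashlib
import hmac
import os

def _xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 counter keystream), for illustration only;
    a real system would use a vetted AEAD such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyStore:
    """Hypothetical key store: a primary copy and a backup copy of each key."""

    def __init__(self):
        self.primary, self.backup = {}, {}

    def create(self, customer):
        key = os.urandom(32)
        self.primary[customer] = bytearray(key)
        self.backup[customer] = bytearray(key)

    def find(self, customer):
        buf = self.primary.get(customer) or self.backup.get(customer)
        return bytes(buf) if buf else None

    def shred(self, customer, include_backup=True):
        stores = (self.primary, self.backup) if include_backup else (self.primary,)
        for store in stores:
            buf = store.pop(customer, None)
            if buf is not None:
                buf[:] = bytes(len(buf))  # overwrite key bytes (best effort in Python)

def encrypt(store, customer, plaintext):
    nonce = os.urandom(16)
    return nonce + _xor_stream(store.find(customer), nonce, plaintext)

def decrypt(store, customer, blob):
    key = store.find(customer)
    return None if key is None else _xor_stream(key, blob[:16], blob[16:])

def demo():
    # Returns (recovered_via_backup, result_after_full_shred).
    store, data = KeyStore(), b"customer record (constructed sample)"
    store.create("cust-42")
    blob = encrypt(store, "cust-42", data)
    store.shred("cust-42", include_backup=False)  # backup key overlooked
    leaked = decrypt(store, "cust-42", blob)
    store.shred("cust-42")                        # every copy destroyed
    return leaked == data, decrypt(store, "cust-42", blob)
```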


**Physical Destruction**

Physical destruction of the underlying storage media is the most effective method to counter data remnants. Destruction is the final stage in the media lifecycle and is considered the most secure method of sanitizing media. However, this process is generally time-consuming, cumbersome, and may require extensive methods as even a tiny fragment of the media may contain large amounts of data. Methods of destruction include breaking, crushing, shredding, disintegration, and dissolving using acidic chemicals.

**Example**

A government agency physically shreds hard drives containing classified defense data.

```text
Media ---> [Shred | Crush | Burn] ---> Completely Unrecoverable
```


**Data Sanitization**

According to the International Data Sanitization Consortium, data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will never be recovered.

Let us discuss some of the data sanitization methods.


**Clearing**

Clearing is a media sanitization process that prevents data from being recovered using standard disk and file recovery utilities. Clearing is typically accomplished through an overwriting process that replaces actual data with zeros or random characters.

**Example**

Formatting a disk before reassigning it to another employee.

```text
Standard Tools ---> Cannot Recover
Advanced Tools ---> Possible
```


**Purging**

Purging is a media sanitization process that protects the confidentiality of data against an advanced laboratory attack. Threat actors mounting a laboratory attack have the knowledge and resources to use non-standard methods during recovery attempts. Degaussing is accepted as a purging method for magnetic data. Clearing does not guarantee resistance to laboratory attack by its nature, whereas purging does. Therefore, purging is generally done before releasing media beyond control, such as before discarding all media or moving media to a computer with different security requirements.

**Example**

An enterprise purges drives before sending them to third-party recycling vendors.

```text
Standard Recovery ---> Blocked
Advanced Recovery ---> Blocked
```


**Physical Destruction (Sanitization Level)**

Physical destruction is rendering media unusable and is considered the most secure method of sanitizing media. Physical destruction can be accomplished using various methods, including disintegration, incineration, pulverizing, shredding, and melting. After media are destroyed, they cannot be reused as originally intended.

**Example**

A company melts defective storage chips to ensure no intellectual property leaks.


**Scoping and Tailoring**

Scoping can be defined as limiting the general baseline recommendations by removing those that do not apply. For example, an organization may remove the Wi-Fi controls if the organization does not use any Wi-Fi connections.

Tailoring is customizing and altering general recommendations to apply more specifically to an environment or an organization. For example, the baseline control requires video cameras at the entry and exit points of a facility. The tailoring process involves performing a cost-benefit analysis to determine the number and types of cameras needed for that facility.

To summarize, scoping is removing what is not relevant and tailoring is customizing what is left. Scoping and tailoring will ensure that the appropriate risks are identified and addressed based on requirements.

**Example**

```text
Baseline Controls: [Wi-Fi | CCTV | Access Control]

Scoping:
Remove Wi-Fi (not used)

Tailoring:
Increase CCTV based on risk analysis
```