November 2, 2023
If you have ever raised teenagers, you know the phrase, “unintended consequences.”
In today’s world of federal technology, this concept can be applied to data storage. What are the consequences if you do not thoroughly erase data? It could be an open door for data leakage.
For example, what happens when your agency moves data from one cloud to another? Is it erased? How do you know?
Let’s talk about the 500-pound elephant in the room – a cybersecurity event. Today’s malicious actors have been known to place trojan horses in other areas of a system. The concept of data sanitization is a concern for many federal leaders.
Ok. We know we have standards for data erasure. Civilian agencies have heard of NIST 800-88 and the folks at the Pentagon know DoD 5220-22 M/M ECE. That is all well and good if applied properly.
"There are different levels of it NIST clear a permanently irrecoverably old data that is accessible to the end user, the purge standard is the sort of highest level of data erasure"
Many breaches occur because of human error; the same humans are tasked with applying these procedures for data sanitization.
Maurice Uenuma from Blancco gives a great overview of some of the problems with effectively administering data erasure. He brings up some issues that you may not have considered:
- In a world of feds at the edge, what happens to data stored on remote devices?
- How to automate erasure to make it compliant and secure
- End-of-life cycle issues apply to software development and hardware as well.
- Scalable storage is great – what happens to the dynamic elements of data storage?
f you enjoyed this article, you may want to listen to Ep. 98 What Federal Leaders Need to Know about Cloud Computing
John Gilroy
John Gilroy appeared on National Public Radio in Washington DC for 25 years. He wrote 523 technology columns for The Washington Post. Currently, John is an award-winning lecturer at Georgetown University. Forgot to mention — he has recorded over 1,000 podcast interviews.
Leave a Reply