Educause Security Discussion mailing list archives
Wiping of data on large storage arrays
From: "Jones, Dan" <Dan.Jones () UMASSMED EDU>
Date: Fri, 18 Mar 2011 11:37:32 -0400
Hi All, I'm searching for options to address the contractual need to purge data at the end of a contract. Many of our contracts call for 'secure deletion' of the data owner's data when a contract ends, including issuance of an affidavit to that effect. A DOD 5220.22-M wipe is simple to do when data is stored on a single disk. Even with early storage arrays, one could provision a small set of disks for a project and then wipe the disks at project's end. Similar things apply with backup tapes too. The verbiage of old-style data destruction requirements does not mesh well when data is stored on more modern storage -like an Isilon array (since data will age-out over time and be migrated to slower disks or near-line storage). I wonder how others may be addressing this need. - data is spread over so many disks we don't worry about it - destroy the encryption keys so the data becomes irretrievable cyphertext - something else? If the response is significant I'll summarize responses for the list Vendors need not reply Thanks, Dan Jones ISO UMass Medical School dan.jones () umassmed edu
Current thread:
- $1m fine for lost documents Allison F Dolan (Mar 03)
- Re: $1m fine for lost documents John Ladwig (Mar 04)
- Re: $1m fine for lost documents Allison F Dolan (Mar 04)
- Wiping of data on large storage arrays Jones, Dan (Mar 18)
- Re: Wiping of data on large storage arrays SCHALIP, MICHAEL (Mar 18)
- Re: $1m fine for lost documents John Ladwig (Mar 04)