Educause Security Discussion mailing list archives

Wiping of data on large storage arrays


From: "Jones, Dan" <Dan.Jones () UMASSMED EDU>
Date: Fri, 18 Mar 2011 11:37:32 -0400

Hi All, 

I'm searching for options to address the contractual need to purge data at the end of a contract. Many of our contracts 
call for 'secure deletion' of the data owner's data when a contract ends, including issuance of an affidavit to that 
effect. 

A DOD 5220.22-M wipe is simple to do when data is stored on a single disk. Even with early storage arrays, one could 
provision a small set of disks for a project and then wipe the disks at project's end. Similar things apply with backup 
tapes too. 

The verbiage of old-style data destruction requirements does not mesh well when data is stored on more modern
storage - like an Isilon array (since data will age-out over time and be migrated to slower disks or near-line storage).

I wonder how others may be addressing this need. 
        - data is spread over so many disks we don't worry about it
        - destroy the encryption keys so the data becomes irretrievable cyphertext
        - something else? 

If the response is significant, I'll summarize responses for the list.

Vendors need not reply

Thanks,
Dan Jones
ISO
UMass Medical School
dan.jones () umassmed edu


 

