Sensitive Data Protection: Media Hysteria or a Call to Action?

by Thomas J. Meehan
September 1, 2006

Given the current security regulations and guidelines, you should impose a requirement to erase disk storage system and tape media before it leaves your control.

Share Only the Data You Intend There are several utilities that will erase (i.e., overwrite) data on tape and disk, but you must consider only those that are secure and fast enough to make it practical. For tape, look for a solution that can erase the residual data sitting beyond current end of file marks on a tape volume. Removing any previously recorded data from tapes lets you know with confidence that archives contain only the data you intend to preserve. Likewise, this is important when exchanging tapes with other companies and government agencies. Erasing the residual data on a tape before a B2B exchange will ensure you’re sharing only the data you intend. Refer to the accompanying sidebar for additional insights.

Current Government Guidelines

Slow as it is, IBM’s Device Support Facility (ICKDSF) still doesn’t meet current government guidelines for erasing classified information from disk. Modern System z disk subsystems use open system Fixed Block Architecture (FBA), Small Computer System Interface (SCSI, Fibre, ATA) disk to emulate Count-Key-Data (CKD) mainframe disk. This creates an exposure in that the component SCSI disks in an enterprise storage system can be easily removed and attached to common Windows and Unix systems, where the data they contain can be read. The solution to efficiently and securely erase System z disk is to employ a utility that complies with the current Department of Defense (DoD) specification for erasure.

Choose a z/OS secure disk erase solution that will make data unreadable to conventional z/OS disk access but also let you strike a balance between the value of your data (i.e., the need for security and the time required to secure it) by offering multiple, incrementally more sophisticated levels of data erasure. Each succeeding higher level is a more intensive overwrite that offers a higher level of security, making it increasingly unlikely that data can be reconstructed even if the SCSI drives are removed from the storage system.

An initial level of a secure erase would overwrite each track on a disk volume a single time with a record of binary zeros (or some pattern), waiting to ensure this data is hardened (written from cache) to the underlying SCSI disks before concluding. This makes it impossible for z/OS applications and, even if the SCSI disks are removed from the storage subsystem, for open system programs using normal read commands to recover data. This is adequate for erasing all but the most sensitive or highly classified data. An ERASE overwriting data a single time meets a National Institute of Standards and Technology (NIST) guideline for clearing information from computer disks and is appropriate for use on a subsystem being sold, scrapped, or returned to the manufacturer and upon leaving an unsecured disaster recovery site.