Not logged in » Login
Jun 16 2015

Disk Sanitization with EraseDisk

Data leakage and data loss have been identified as major security threats to modern IT architectures for a long time. But these incidents aren't always the result of hacker attacks or theft committed by frustrated employees. Instead, various successful attacks were only possible due to improper disk sanitization.

As we all know from TV shows like Forensic Files, simple file deletion can never be an appropriate method to erase sensitive or critical data, in any environment, because the "Delete" command doesn't remove the information, but merely indicates that a formerly protected sector of a disk may now be overwritten. Until that happens, the original data are still traceable with digital forensics tools. With its unique EraseDisk technology, Fujitsu has solved this problem.

EraseDisk overwrites – and thereby irretrievably deletes – all sensitive data on an HDD before a system is retired, repurposed or sold. Users may settle on one of four different deletion options, each of which complies with a different standard or environment:

  • Zero Pattern (aka "zeroing out") – all data is overwritten with zeros in one single pass. This option is typically sufficient for hard disks that don't contain user data or other confidential/personal information.
  • VSITR (short for: "Verschlusssachen-IT-Richtlinien") – this standard uses varying random bit patterns and requires 7 rounds. It was developed at Germany's Federal Office for Information Security as a means to erase classified information and documents. The standard has recently been replaced, but works sufficiently well and has been implemented in many disk sanitization programs.
  • U.S. DoD 5220.22-M (ECE) – this standard comprises two simpler standards, DoD 5220.22-M (C) and DoD 5220.22-M (E), alternating between them in a total of 7 passes. For the "E" variant, the disk is first overwritten with zeros, then with ones, and then with random bytes. Afterwards the "C" variant (one single round of random bytes) is applied, before another "E" pass closes the sanitization process. The entire set of DoD 5220.22-M standards was developed under the National Industrial Security Program (NISP) and establishes "procedures and requirements for all [U.S.] government contractors, with regards to classified information". Like VSITR, DoD 5220.22-M (ECE) is very popular and a component of many sanitization programs.
  • Peter Gutmann's Algorithm – first introduced in 1996, this algorithm uses a predefined sequence of 35 passes (4 rounds of random patterns, 27 rounds of zeros and ones in fixed orders, and again 4 rounds of random patterns) to clean up each and every sector of a drive. Due to the large number of passes, the Gutmann Algorithm is the most radical as well as the most time-consuming sanitization method. Originally developed to solve the problem of data remanence (i.e. the possibility to detect and recover overwritten data with the help of customized hardware), it's the method of choice in areas where security and confidentiality are of paramount importance, for instance the military, research and development, or the protection of critical infrastructures.

Due to technical reasons it is not possible to overwrite the SSD with defined patterns and thus any of the above methods. Data from SSDs therefore must be eliminated using integrated commands such as "Secure Erase" or "Enhanced Secure Erase," which are based on sanitization mechanisms provided with the SSD firmware.

In each case, the erase process is performed as an extra task after initializing and rebooting, so it can run separately until finished. The results are recorded in an audit-proof protocol and may be copied to an external USB drive to confirm the successful deletion.

As an integral part of several product lines from the CELSIUS, ESPRIMO, and LIFEBOOK1

series, EraseDisk offers various advantages over special software solutions:

  • Time and cost savings – users only need to order the functionality with their new workplace system, as it's not activated by default
  • Easy, hassle-free handling
  • Password protection – to enhance security and avoid mishaps, the application may only be executed by authorized admins or supervisors who can verify their identity
  • Persistence and loss protection – being implemented in the firmware, EraseDisk cannot be disabled by mistake and remains functional throughout the computer's lifetime

Fujitsu EraseDisk ensures that sensitive information is irretrievably destroyed before a system is retired or sold, and thus prevents data leakage at the other end of the food chain. Aside from providing massive security gains, EraseDisk is also a very "green" technology, because it enables companies to reuse their drives instead of physically destroying them – at least until they reach their normal end of life.

[1] On Fujitsu LIFEBOOKs, EraseDisk so far does not include a mechanism to sanitize SSDs.

Thomas Schkoda


About the Author:

Thomas Schkoda

Senior Product Manager Security & Manageability, Fujitsu


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now