Data sanitization means rendering data unrecoverable, up to and including by physical means. The first question is why anyone would bother, since it seems like overkill.

As the leaks about the USA's NSA have shown, governments carry out surveillance and tracking of civilians on an all-encompassing scale. For ordinary people this creates the threat that data collected today will be used against them by a future fascist government.

For businesses there is the threat of corporate espionage. All too often the people responsible for an innovation are not the ones who profit from it: their ideas get stolen and they are left with nothing.

And then there are people who actively harm others and want to keep doing so by concealing the evidence. This article is not intended for them.

Identify The Data

Data sanitization starts with identifying what data needs to be sanitized. Even though this is the first step, where one would expect diligence to be highest, most people trip up here, because it also means identifying every place the data has ever been.

People normally identify only the sensitive information that exists right now and is clearly visible, and focus on destroying that. They neglect to trace the data's history and to search for copies and remnants of it. At some point it may have been uploaded to the cloud, printed and put in storage, or copied to and from a USB stick. Every one of those places still holds a recoverable imprint of the data. The less obvious copies count too: backups and snapshots, swap and hibernation files, application caches and thumbnails, e-mail attachments, and the free space and journal of the file system the data once lived on.

The Extent Of The Sanitization

There are two levels of data sanitization: making the data unrecoverable by physical means, and making it unrecoverable by software.

Software-level sanitization is not complete, since the data may still be recoverable by someone who gets physical possession of the storage device, but it is enough against remote attackers.

If all you want is assurance that deleted data cannot be recovered over the network, software methods are enough. Use a wiping tool that overwrites a file's contents before unlinking it (shred from GNU coreutils, for example); a plain delete only removes the directory entry and leaves the data blocks in place until they happen to be reused. One caveat: on SSDs, on file systems with journaling, snapshots or copy-on-write (ZFS, btrfs, APFS), and wherever the data was swapped out or cached, overwriting the file in place does not reach every copy. There the reliable software method is to have encrypted the disk from the start and to destroy the key.
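What such a wiping tool actually does, as an added example in Python rather than a tool from the original article: overwrite every byte of the file in place, force the writes to the device, remove the old length and name, and only then unlink. A single random pass is used by default, which is all that software recovery requires; more passes only cost time. The function names, the sample file contents and the use of a temporary directory are my own for this illustration, and the directory fsync assumes a Unix-like system. The caveats from the paragraph above still apply: this reaches only the blocks the file system currently maps to the file.

```python
"""Software-level file sanitization: overwrite in place, then unlink.

Added example, not code from the original article. Mirrors what wiping
utilities such as shred do on a plain (non-journaling, non-CoW) file
system on a magnetic disk. Assumes a Unix-like OS for the directory fsync.
"""
import os
import secrets
import tempfile

CHUNK = 1 << 20   # overwrite in 1 MiB pieces so large files do not fill RAM


def overwrite_file(path: str, passes: int = 1) -> int:
    """Overwrite the file's contents in place with random bytes.

    Returns the number of bytes written in total (size * passes). Random data
    rather than zeros, so the result looks like any other noise or ciphertext.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
                written += n
            f.flush()
            os.fsync(f.fileno())   # push the writes through the page cache to the device
    return written


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite, truncate, rename to a random name, unlink, sync the directory."""
    written = overwrite_file(path, passes)
    with open(path, "r+b") as f:
        f.truncate(0)              # do not leave the old length in the inode
        os.fsync(f.fileno())
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)     # do not leave the old name in the directory
    os.unlink(anonymous)
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)           # rename and unlink reach stable storage too
    finally:
        os.close(dir_fd)
    return written


def demo(path: str) -> dict:
    """Constructed demonstration: the bytes are gone before the name is."""
    original = b"SECRET: constructed sample plaintext\n" * 1000   # constructed input
    with open(path, "wb") as f:
        f.write(original)
    written = overwrite_file(path, passes=1)
    with open(path, "rb") as f:
        after = f.read()
    result = {
        "bytes_written_matches_size": written == len(original),
        "same_size": len(after) == len(original),
        "content_changed": after != original,
    }
    secure_delete(path)
    result["file_exists"] = os.path.exists(path)
    return result


def demo_in_tempdir() -> dict:
    """Run demo() on a throwaway file so it can be executed safely anywhere."""
    with tempfile.TemporaryDirectory() as d:
        return demo(os.path.join(d, "sample.txt"))


if __name__ == "__main__":
    print(demo_in_tempdir())
```

On a journaling file system the journal, on a copy-on-write one the old extents, and on an SSD the remapped flash pages may still hold the original bytes after this runs; that is exactly the gap the whole-disk encryption approach closes.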

Another caveat: if you are preparing data for sharing over the internet or for a presentation, always, always, always lock it down and present it through a secure medium, so that it remains usable only under your control.

If it is one of those cases where the mere act of presenting the data gives it away, read up on zero knowledge proofs: a cryptographic technique for proving that you know something (a secret, a password, the solution to a problem) without revealing anything about it beyond the fact that you know it.
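As an added illustration of what a zero knowledge proof is (example code, not from the original article): Schnorr's protocol, in which the prover convinces the verifier that it knows the discrete logarithm x of a public value y without disclosing x. The simulate() function shows why the verifier learns nothing: anyone who knows the challenge in advance can forge an accepting transcript, so a genuine transcript carries no information a forged one would not. The tiny group parameters P, Q and G and all function names are my choices for readability; real deployments use 256-bit elliptic-curve groups.

```python
"""Zero knowledge proof of knowing a secret, without revealing it.

Added example, not code from the original article. Schnorr's identification
protocol over a small multiplicative group: the prover knows x such that
y = G^x mod P and proves that without disclosing x. The non-interactive
variant applies the Fiat-Shamir transform (challenge = hash of commitment).
P is an 11-bit prime purely for readability.
"""
import hashlib
import secrets

P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # 2^2 is a quadratic residue mod P, so it generates the order-Q subgroup


def keygen() -> tuple[int, int]:
    """Secret x in [1, Q-1] and public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commit() -> tuple[int, int]:
    """Prover step 1: random r and commitment t = G^r. r must be fresh per
    proof; reusing r under two different challenges lets anyone solve for x."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def respond(x: int, r: int, c: int) -> int:
    """Prover step 3: s = r + c*x mod Q. x is masked by the one-time r."""
    return (r + c * x) % Q


def check(y: int, t: int, c: int, s: int) -> bool:
    """Verifier: G^s must equal t * y^c (both sides are G^(r + c*x))."""
    if not (1 <= t < P and 0 <= c < Q and 0 <= s < Q):
        return False
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def simulate(y: int, c: int) -> tuple[int, int]:
    """Why the verifier learns nothing: with the challenge known in advance,
    anyone can produce an accepting (t, s) for y without knowing x."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (-c) % Q, P)) % P   # t = G^s / y^c
    return t, s


def challenge(y: int, t: int) -> int:
    """Fiat-Shamir: bind the challenge to the commitment with a hash, so the
    prover cannot choose t after seeing c (which is what simulate() exploits)."""
    digest = hashlib.sha256(f"{P}|{G}|{y}|{t}".encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove(x: int, y: int) -> tuple[int, int]:
    """Non-interactive proof (t, s) of knowledge of x with y = G^x."""
    r, t = commit()
    return t, respond(x, r, challenge(y, t))


def verify(y: int, proof: tuple[int, int]) -> bool:
    t, s = proof
    return check(y, t, challenge(y, t), s)


def demo() -> dict:
    x, y = keygen()
    t, s = prove(x, y)
    c = secrets.randbelow(Q)
    t_sim, s_sim = simulate(y, c)
    return {
        "honest_accepted": verify(y, (t, s)),
        # Changing the response by one breaks G^s == t*y^c, since G != 1.
        "tampered_rejected": not verify(y, (t, (s + 1) % Q)),
        # The simulated transcript passes the interactive check without x.
        "simulation_accepted": check(y, t_sim, c, s_sim),
    }


if __name__ == "__main__":
    print(demo())
```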

As for physical recovery: from a practical standpoint a single proper overwrite pass over every sector should be enough to render data unrecoverable; anything beyond that would require sophisticated laboratory equipment. The caveat is flash media (SSDs, USB sticks, SD cards): the controller remaps worn blocks and keeps spare capacity that a host overwrite never touches, so use the drive's built-in erase command instead (ATA Secure Erase through hdparm, NVMe format with secure erase or NVMe sanitize through nvme-cli), or cryptographic erase where the drive is self-encrypting.

But it is technically recoverable, and if the people who want it have the means and the determination, chances are they will get it. In such cases the best course of action is to physically destroy the storage device (shredding or incineration; degaussing works for magnetic media but does nothing to flash), recycle the waste and start from scratch with new hardware.

But if one lacks the infrastructure to destroy storage safely, or, more likely, if the sanitization step itself could be specifically targeted and subverted no matter how well it is done, then the best strategy is a complete usage strategy that hinders unauthorized access at every stage of the storage device's life.

In practice this means encryption from the moment the device is first put into use, with the key stored apart from the data, so that sanitization reduces to destroying the key (cryptographic erase). Given enough resources it also means purpose-built storage with one, and only one, way to access the data, which is then completely secured and monitored for the slightest fluctuation: any deviation from the calibrated "normal" usage is flagged for inspection, or triggers an automatic restriction of access or a full lockdown.
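The cryptographic erase part of that strategy, as an added example (not code from the original article): a volume that has only ever held ciphertext under a data encryption key (DEK), with the DEK itself stored wrapped under a key encryption key (KEK) that lives elsewhere. Sanitizing the whole volume is then one small write that destroys the wrapped DEK, after which even the intact KEK no longer decrypts anything. The cipher is a stand-in built from HMAC-SHA256 in counter mode so the example runs on the standard library alone; real storage uses AES-XTS or AES-GCM in that role. The class and function names and the sample record are my own.

```python
"""Cryptographic erase: encrypt from first use, sanitize by destroying the key.

Added example, not code from the original article. The cipher is a stand-in
(CTR-mode keystream from HMAC-SHA256) so the example needs no third-party
packages; real storage uses AES-XTS for disks or AES-GCM for files here.
"""
import hashlib
import hmac
import secrets

BLOCK = 32   # bytes of keystream per HMAC-SHA256 output
TAG = 32     # bytes of HMAC tag appended to the wrapped key


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC(key, nonce || counter) blocks (CTR mode)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def wrap_key(kek: bytes, nonce: bytes, dek: bytes) -> bytes:
    """Encrypt the DEK under the KEK and append a tag, so unwrapping with the
    wrong KEK or from a destroyed blob is detected instead of yielding garbage."""
    ct = keystream_xor(kek, nonce, dek)
    tag = hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_key(kek: bytes, nonce: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-TAG], blob[-TAG:]
    expected = hmac.new(kek, b"wrap" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("DEK unavailable: wrong KEK or key material destroyed")
    return keystream_xor(kek, nonce, ct)


def zeroize(buf: bytearray) -> None:
    """Overwrite key bytes in place. Caveat: CPython may keep other copies
    (bytes objects, freed allocations); native code would use explicit_bzero."""
    buf[:] = bytes(len(buf))


class EncryptedVolume:
    """A medium that has only ever held ciphertext under the DEK. The DEK sits
    on the medium wrapped under a KEK kept elsewhere (TPM, HSM, passphrase)."""

    def __init__(self, kek: bytes):
        self.wrap_nonce = secrets.token_bytes(16)
        self.wrapped_dek = wrap_key(kek, self.wrap_nonce, secrets.token_bytes(32))
        self.medium: dict[str, tuple[bytes, bytes]] = {}   # name -> (nonce, ciphertext)

    def write(self, name: str, plaintext: bytes, kek: bytes) -> None:
        dek = unwrap_key(kek, self.wrap_nonce, self.wrapped_dek)
        nonce = secrets.token_bytes(16)
        self.medium[name] = (nonce, keystream_xor(dek, nonce, plaintext))

    def read(self, name: str, kek: bytes) -> bytes:
        dek = unwrap_key(kek, self.wrap_nonce, self.wrapped_dek)
        nonce, ct = self.medium[name]
        return keystream_xor(dek, nonce, ct)

    def crypto_erase(self) -> None:
        """Sanitize the whole volume with one small write: replace the wrapped
        DEK. Every block of ciphertext is now keyed by a value nobody holds."""
        self.wrapped_dek = secrets.token_bytes(len(self.wrapped_dek))


def demo() -> dict:
    kek = bytearray(secrets.token_bytes(32))   # constructed; would come from a TPM/HSM
    vol = EncryptedVolume(bytes(kek))
    secret = b"constructed sample: quarterly numbers, not for release\n"
    vol.write("report.txt", secret, bytes(kek))
    readable_before = vol.read("report.txt", bytes(kek)) == secret

    vol.crypto_erase()                        # destroy the on-medium key material
    try:
        vol.read("report.txt", bytes(kek))    # the intact KEK no longer helps
        readable_after = True
    except ValueError:
        readable_after = False
    zeroize(kek)                              # and drop the external key as well

    return {
        "readable_before": readable_before,
        "readable_after": readable_after,
        # The ciphertext still sits on the medium at full size, now without a key.
        "ciphertext_still_present": len(vol.medium["report.txt"][1]) == len(secret),
    }


if __name__ == "__main__":
    print(demo())
```

The property worth noticing is that the amount of data to destroy no longer scales with the volume: a 64-byte wrapped key stands in for terabytes of ciphertext, which is also why self-encrypting drives can complete a sanitize command in seconds.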

Reuse Of Equipment

One of the problems with data sanitization is reusing the equipment. Sanitization may be a nice idea, but expenses are real, and using equipment only once is out of the question. This is why data sanitization should be treated more like an environmental issue, with zones of differing sanitization requirements, which can then be cost-adjusted.

With zones, sanitization is needed only when data moves from one zone to another, such as being placed in an archive or copied to a USB stick, which further reduces costs. The most expensive step, destruction of the storage equipment, then comes only when the equipment dies naturally or the archive is purged.


That's it for now. This article may be subject to future updates and extensions.