When your business is done with any data, you probably just right click on it and press “delete,” thinking it’s been properly erased from your device.
However, all deleting does is hide your data; it’s not synonymous with wiping the data, which means a complete removal.
If you’re an organization that deals with client and partner data, then it’s important you understand and follow standards and regulations to ensure you erase data properly. For example, there’s the DoD standard.
What is the DoD standard? And why does it matter? We’ll give you a brief explanation in this article.
What Is the DoD Standard?
The DoD standard is also known as the DoD 5220.22-m standard. It first came about in 1995 and was originally created for the US military (hence “DoD,” or “Department of Defense”). This dictated how data was erased from hard drives so that information was never compromised.
According to this standard, the proper way to sanitize hard drives of data is to:
- Overwrite with binary zeroes
- Overwrite with binary ones
- Overwrite with a random bit pattern
- Verify the final overwrite
If done correctly, this should prevent any entity from recovering the data that was intended to be erased.
Because this standard offered a clear-cut way of data sanitation, it was quickly adopted across all industries.
Why Does the DoD 5220.22-m Standard Matter?
As you can see, the DoD 5220.22-m standard matters because you want to erase data completely when you’re done with it. Otherwise, you risk it falling into the wrong hands.
This is especially important if you’re getting rid of devices and replacing them with new ones. Once the old devices leave your place of business, then it can be very easy for other parties to retrieve data on your hard drives.
The Future of the DoD Wiping Standard
Because organizations now use solid-state drives (SSDs) over regular hard drives, this has posed a problem with the DoD 5220.22-m standard. This is because SSDs use different methods of data storage, which make the DoD standard irrelevant.
As a result, the industry-standard has shifted away from DoD 5220.22-m to NIST 800-88. Do note that this is just a set of guidelines and doesn’t offer certifications (the DoD standard doesn’t either). However, considering both the government and other programs look to NIST 800-88 instead of DoD 5220.22-m for data erasure guidelines, it should be ideal for your organization to follow it as well.
Make Sure You Properly Erase Your Data
Now you know what the DoD standard is and why it matters to your organization. If you use SSDs instead of hard drives, then you may want to erase your data according to NIST 800-88 instead. You can even opt to physically destroy your hard drives for optimal results.
It may be in your company’s best interest to evaluate the different standards available and combine their methods with the physical destruction of data to protect whatever sensitive information you deal with.
Did you enjoy this article about the DoD 5220.22 m standard? Then check out our other blog posts now.