Where's My Copy?

In offices around the world, the copy machine is one of the most heavily used devices. And until an April 2010 expos' by CBS News, most companies never thought twice about any data security liabilities associated with them after they had been disposed or traded. As the CBS News report demonstrated, the casual attitude toward how copiers were being disposed of at the end of their useful life was creating a very serious data security risk. If the company using the copier is covered by one of the many state and federal data privacy laws, this risk can also lead to serious fines and penalties.

Since 2002, most new copiers and multi-function printers (“MFPs”) contain integrated computer circuitry including a storage device, usually in the form of a computer hard drive. This circuitry allows for time-saving features such as copying directly to a file, sending an e-mail from the copier, and improved sorting and collation features. When a document is scanned to create a hard copy or electronic copy for faxing or e-mailing, a copy is saved on the hard drive of the copier or MFP. These data storage devices can store thousands of documents, and the documents stored on them can be recovered months, if not years, after they were scanned.

Even though this risk has been widely discussed in security and privacy circles, most companies are still unaware that their copiers are quietly storing records of all the documents they copy. According to the CBS News report, Sharp Imaging, a major copier OEM, published a study in 2008 concluding that more than 60% of the users of copiers were unaware of any permanent storage of the documents they were copying. Despite the widespread ignorance of the problem, the risk it poses is very real.

In April 2010, Affinity Health Plan notified more than 400,000 of its customers, service providers, and staff members that their records had been mishandled when a copier leased by the company was returned to the leasing company and subsequently found to have its copying records intact when re-sold. In Affinity's statement, the company admitted it was unaware of the risks copy machines posed to its data security.

The Problem

While this exposure has just recently come into public view, most users of digital technology don't have a firm grasp on a reliable, verifiable, cost-effective solution to the problem. Most of the OEMs of digital copier technology provide security features such as file encryption or data eradication tools for their hardware. These security features usually require an additional charge at the time of purchase or lease, or a proprietary service solution at the end of use. Too many users either don't spend the money for the extra feature or put off implementing the solution until the unit is no longer in use, at which time it often is forgotten.

As a high percentage of copier and MFP equipment is leased, creating an acceptable protocol for the proper eradication of data stored within the device when the equipment is retired is an ongoing concern. It is easy enough to identify the hard drive that is installed in the device, but developing an enterprise-wide data-eradication solution that does not harm the functionality of the device is much more difficult. Each OEM provides different data security features, and the large number of makes and models can create a very difficult challenge for many enterprises.

Technologies

To ensure a reliable data-eradication solution, it is imperative that equipment owners first understand the technologies available from the OEMs or the service providers that have specific expertise in this area. In addition to storing copies, many of the hard drives installed in digital copiers and MFPs also contain software that controls the performance and functionality of the device. While removing the hard drive from a copier is a simple matter, it can leave the unit non-functional.

The OEMs of digital copying technology have long employed a variety of data encryption or data destruction features that are either built into their devices or installed as optional features that can be purchased for an additional fee. These features can include encryption of the data (images), permanent removal of the data or image after each use, data “wiping,” or overwriting routines that can be initiated on each device, or simple removal and replacement of each storage drive. Again, the lack of consistency and large number of OEMs and models create a significant challenge in understanding which technologies may be available for data eradication. And since some OEMs charge for data eradication or hard drive re-installation services, they will closely guard their solution to protect their service revenue stream.

In addition to data security products and services offered directly by the OEM or its authorized service providers, several technologies or methodologies can provide acceptable data-eradication results at the end of use. A growing number of third-party service providers are offering a variety of data security services, including software overwriting, data removal and destruction, and resetting options, either at the client's facility or upon receipt of the equipment at the service provider's depot center.

The ultimate data eradication method for any data storage device is removal and total destruction of the device. Destruction can be performed in a variety of ways, but it usually involves shredding, drilling, or incinerating the storage device. Full data eradication involves replacement of the data storage device and a separate certification and reporting process for the completion of the eradication. Only a few service providers can offer this level of data eradication as a viable solution.

Storage drive removal and degaussing is another method of total data eradication. Degaussing uses a machine that produces a strong electromagnetic field to destroy the magnetically recorded data on the hard drive. While this process is proven to be a reliable data eradication option, it does present some drawbacks. First, degaussing usually renders the storage drive unusable, so a new drive would need to be installed and reinitialized. Secondly, hard drives that have been degaussed exhibit no change in their physical appearance, so verification that the process has been completed can be difficult. Finally, no reporting or certification process is created as a result of degaussing ' or any of the other data eradication techniques, for that matter. A separate certification and reporting step would need to be created and recorded each time degaussing or any of the other data eradication techniques are used.

Since copiers employ many of the same data-storage technologies used in modern computers, software and hardware designed to erase computer hard drives can frequently be employed in eradicating data stored within copiers and MFPs. In nearly every such case, the storage device will need to be removed from the copy machine or MFP and placed into a computer or separate hardware device for processing. The storage device is then erased by writing a series of data to each section of the drive, in many cases performing this task multiple times to ensure that none of the original data can be retrieved. The resulting level of security obtained is determined by the number of passes that are performed. While one pass may be sufficient, the industry standard is usually three passes. It is best to use a software application that can provide a certification document listing all the technical specifications of the overwriting process.

This software-based solution provides several advantages. First, the hard drive remains physically intact and can be reused and reinstalled into the digital device after it has been cleaned of data. The hard drive can usually be reinitialized through an OEM routine built into most devices. The capability to reuse the hard drive usually adds to the residual or remarketing value of the equipment. Secondly, software-based solutions should provide detailed reporting of the overwriting process that can be linked to the original digital device and thereby verify that its data had been eradicated. Finally, one of the most compelling reasons to consider a software-based data-eradication solution is the ability to perform this process in-house, thereby eliminating the risk of the unit being stolen or lost in transit.

Regardless of the data-eradication method used, it is important to track the entire chain-of-custody of the data storage device in any copier or MFP. Frequently, data stored within a copier or MFP can get lost or stolen when its storage device is removed and subsequently lost or misplaced while in the data destruction process.

The National Institute of Standards and Technology (“NIST”) is responsible for defining data security standards for the U.S. government and industry. NIST has published Guidelines for Media Sanitization (NIST Special Publication 800-88), which outlines the data eradication methods that should be used based on the type of device and security needs of the organization. This publication is extremely important to organizations that work with government agencies or with information from government agencies. NIST 800-88 supersedes the older data security standard published by the Department of Defense (DoD 5220.22-M) and covers a much larger range of data storage devices, including copiers and fax machines.

Solutions

Regardless of the volume of digital devices used by an organization, a clear, thorough data-eradication process needs to be in place. Whether a company utilizes the OEM options for data eradication or enlists a qualified third-party firm that specializes in these services, an enterprise-wide solution is critical.

A complete enterprise-wide data-eradication program for all equipment data storage devices should include the following components:

• A complete inventory of all equipment that may contain permanent data-storage devices;
• Asset tracking and/or leased equipment tracking for all such inventoried equipment;
• Identification of responsible staff who can meet company objectives for data eradication;
• Development of internally acceptable methodology for data-eradication processes;
• Chain-of-custody tracking for all equipment that contains data-storage devices throughout the equipment life cycle; and

Implementation of a data-collection method to permanently record data-eradication certification reports, whether for overwriting or storage-device destruction.

Dan Fuller is president of EPC, an asset recovery solution provider, in Saint Charles, MO. Since its founding in 1984, EPC, a CSI leasing company, has provided its customers with seamless solutions for maximizing return and minimizing the risks associated with data security and improper handling of end-of-life IT assets.

In offices around the world, the copy machine is one of the most heavily used devices. And until an April 2010 expos' by CBS News, most companies never thought twice about any data security liabilities associated with them after they had been disposed or traded. As the CBS News report demonstrated, the casual attitude toward how copiers were being disposed of at the end of their useful life was creating a very serious data security risk. If the company using the copier is covered by one of the many state and federal data privacy laws, this risk can also lead to serious fines and penalties.

Since 2002, most new copiers and multi-function printers (“MFPs”) contain integrated computer circuitry including a storage device, usually in the form of a computer hard drive. This circuitry allows for time-saving features such as copying directly to a file, sending an e-mail from the copier, and improved sorting and collation features. When a document is scanned to create a hard copy or electronic copy for faxing or e-mailing, a copy is saved on the hard drive of the copier or MFP. These data storage devices can store thousands of documents, and the documents stored on them can be recovered months, if not years, after they were scanned.

Even though this risk has been widely discussed in security and privacy circles, most companies are still unaware that their copiers are quietly storing records of all the documents they copy. According to the CBS News report, Sharp Imaging, a major copier OEM, published a study in 2008 concluding that more than 60% of the users of copiers were unaware of any permanent storage of the documents they were copying. Despite the widespread ignorance of the problem, the risk it poses is very real.

In April 2010, Affinity Health Plan notified more than 400,000 of its customers, service providers, and staff members that their records had been mishandled when a copier leased by the company was returned to the leasing company and subsequently found to have its copying records intact when re-sold. In Affinity's statement, the company admitted it was unaware of the risks copy machines posed to its data security.

The Problem

While this exposure has just recently come into public view, most users of digital technology don't have a firm grasp on a reliable, verifiable, cost-effective solution to the problem. Most of the OEMs of digital copier technology provide security features such as file encryption or data eradication tools for their hardware. These security features usually require an additional charge at the time of purchase or lease, or a proprietary service solution at the end of use. Too many users either don't spend the money for the extra feature or put off implementing the solution until the unit is no longer in use, at which time it often is forgotten.

As a high percentage of copier and MFP equipment is leased, creating an acceptable protocol for the proper eradication of data stored within the device when the equipment is retired is an ongoing concern. It is easy enough to identify the hard drive that is installed in the device, but developing an enterprise-wide data-eradication solution that does not harm the functionality of the device is much more difficult. Each OEM provides different data security features, and the large number of makes and models can create a very difficult challenge for many enterprises.

Technologies

To ensure a reliable data-eradication solution, it is imperative that equipment owners first understand the technologies available from the OEMs or the service providers that have specific expertise in this area. In addition to storing copies, many of the hard drives installed in digital copiers and MFPs also contain software that controls the performance and functionality of the device. While removing the hard drive from a copier is a simple matter, it can leave the unit non-functional.

The OEMs of digital copying technology have long employed a variety of data encryption or data destruction features that are either built into their devices or installed as optional features that can be purchased for an additional fee. These features can include encryption of the data (images), permanent removal of the data or image after each use, data “wiping,” or overwriting routines that can be initiated on each device, or simple removal and replacement of each storage drive. Again, the lack of consistency and large number of OEMs and models create a significant challenge in understanding which technologies may be available for data eradication. And since some OEMs charge for data eradication or hard drive re-installation services, they will closely guard their solution to protect their service revenue stream.

In addition to data security products and services offered directly by the OEM or its authorized service providers, several technologies or methodologies can provide acceptable data-eradication results at the end of use. A growing number of third-party service providers are offering a variety of data security services, including software overwriting, data removal and destruction, and resetting options, either at the client's facility or upon receipt of the equipment at the service provider's depot center.

The ultimate data eradication method for any data storage device is removal and total destruction of the device. Destruction can be performed in a variety of ways, but it usually involves shredding, drilling, or incinerating the storage device. Full data eradication involves replacement of the data storage device and a separate certification and reporting process for the completion of the eradication. Only a few service providers can offer this level of data eradication as a viable solution.

Storage drive removal and degaussing is another method of total data eradication. Degaussing uses a machine that produces a strong electromagnetic field to destroy the magnetically recorded data on the hard drive. While this process is proven to be a reliable data eradication option, it does present some drawbacks. First, degaussing usually renders the storage drive unusable, so a new drive would need to be installed and reinitialized. Secondly, hard drives that have been degaussed exhibit no change in their physical appearance, so verification that the process has been completed can be difficult. Finally, no reporting or certification process is created as a result of degaussing ' or any of the other data eradication techniques, for that matter. A separate certification and reporting step would need to be created and recorded each time degaussing or any of the other data eradication techniques are used.

Since copiers employ many of the same data-storage technologies used in modern computers, software and hardware designed to erase computer hard drives can frequently be employed in eradicating data stored within copiers and MFPs. In nearly every such case, the storage device will need to be removed from the copy machine or MFP and placed into a computer or separate hardware device for processing. The storage device is then erased by writing a series of data to each section of the drive, in many cases performing this task multiple times to ensure that none of the original data can be retrieved. The resulting level of security obtained is determined by the number of passes that are performed. While one pass may be sufficient, the industry standard is usually three passes. It is best to use a software application that can provide a certification document listing all the technical specifications of the overwriting process.

This software-based solution provides several advantages. First, the hard drive remains physically intact and can be reused and reinstalled into the digital device after it has been cleaned of data. The hard drive can usually be reinitialized through an OEM routine built into most devices. The capability to reuse the hard drive usually adds to the residual or remarketing value of the equipment. Secondly, software-based solutions should provide detailed reporting of the overwriting process that can be linked to the original digital device and thereby verify that its data had been eradicated. Finally, one of the most compelling reasons to consider a software-based data-eradication solution is the ability to perform this process in-house, thereby eliminating the risk of the unit being stolen or lost in transit.

Regardless of the data-eradication method used, it is important to track the entire chain-of-custody of the data storage device in any copier or MFP. Frequently, data stored within a copier or MFP can get lost or stolen when its storage device is removed and subsequently lost or misplaced while in the data destruction process.

The National Institute of Standards and Technology (“NIST”) is responsible for defining data security standards for the U.S. government and industry. NIST has published Guidelines for Media Sanitization (NIST Special Publication 800-88), which outlines the data eradication methods that should be used based on the type of device and security needs of the organization. This publication is extremely important to organizations that work with government agencies or with information from government agencies. NIST 800-88 supersedes the older data security standard published by the Department of Defense (DoD 5220.22-M) and covers a much larger range of data storage devices, including copiers and fax machines.

Solutions

Regardless of the volume of digital devices used by an organization, a clear, thorough data-eradication process needs to be in place. Whether a company utilizes the OEM options for data eradication or enlists a qualified third-party firm that specializes in these services, an enterprise-wide solution is critical.

A complete enterprise-wide data-eradication program for all equipment data storage devices should include the following components:

• A complete inventory of all equipment that may contain permanent data-storage devices;
• Asset tracking and/or leased equipment tracking for all such inventoried equipment;
• Identification of responsible staff who can meet company objectives for data eradication;
• Development of internally acceptable methodology for data-eradication processes;
• Chain-of-custody tracking for all equipment that contains data-storage devices throughout the equipment life cycle; and

Implementation of a data-collection method to permanently record data-eradication certification reports, whether for overwriting or storage-device destruction.

Dan Fuller is president of EPC, an asset recovery solution provider, in Saint Charles, MO. Since its founding in 1984, EPC, a CSI leasing company, has provided its customers with seamless solutions for maximizing return and minimizing the risks associated with data security and improper handling of end-of-life IT assets.