
This old backup: how to dispose of your old archives without exposing yourself

While observing World Backup Day and covering your digital assets, it's worth …

As backups fill up more and more hard drives, disposing of old data the right way has become as important as backing it up in the first place,

March 31 is World Backup Day, the day that the storage tech industry exhorts us all to back up our digital possessions and practice good data hygiene. But there's one thing that's just as important as backing up your data in the first place, or possibly more so: properly getting rid of your old backups when they're no longer useful. So while you're using today as an excuse to get your friends and family to get their critical files backed up, it's worth taking a hard look at how to make sure that old backups get retired in a way that doesn't result in someone getting hold of your grandmother's tax return.

Backups, like anything in a can, have a limited shelf life. Just as you should destroy those old bank statements, pay stubs and other pieces of paper that have your personal data on them, old data needs to be shredded too—virtually or physically. Just like you'd never give your tax returns to your kid's school for origami projects, you shouldn't just pass on that old 200 GB external drive to your cousin—or sell it on Craigslist—without taking some precautions first.

There are plenty of cautionary tales of disk reuse gone wrong. In 2009, researchers surveying used hard disks found that a hard drive purchased on eBay held sensitive data on an antiballistic missile system and the Lockheed-Martin facility where it was being developed. And last year, a survey of drives being prepared for sale at auction by the State of New Jersey found that court records and other sensitive data still lingered on the drives.

So, be sure to share these bits of wisdom with friends and family when you help them set up regular backups:

Encrypt it

If you plan on keeping backups for a long time, storing them in an encrypted form on a removable or external drive can give you a fairly high level of certainty that someone won't casually peruse it. The US government's guidelines for destroying data now exclude encryption as a method of data destruction, because of concern that a determined attacker with a lot of computing power could eventually recover encrypted data on a discarded disk. But then again, odds are you won't have to worry about someone using a Beowulf cluster to crack the crypto on your backed up digital photos.

As long as you have a strong enough encryption key, the software provided in Windows and Mac OS X can provide sufficient protection of archived files on a removable drive for most purposes. While there have been demonstrated cases of retrieving keys for software-based tools like Windows BitLocker and Mac OS X's FileVault, those were in cases where the whole computer was available to the attacker.

Another way to handle the encryption problem is to use a self-encrypting drive, such as those built to the Opal standard of the Trusted Computing Group. External drives that meet the Opal standard are just starting to come out onto the market. The advantage of these drives is that it's possible to delete or reset the encryption key on the drive itself, effectively destroying the data because of the key's size.

Sadly, even large enterprises often skip backup encryption, as demonstrated by IBM's recent loss of backups for the California Department of Child Support Services, potentially exposing the personal data of 800,000 people. (The data storage devices lost used a “specialized format,” the agency said, which requires proprietary equipment to read, so the risk is relatively low—but still out there.)

Write it over

Deleting a backup from a drive before retiring it isn't enough to make it go away, nor will a simple reformat. However, doing a full format of the drive—overwriting the entire drive, rather than using a “quick format” approach—will effectively destroy the remaining data. If you're planning on passing the drive on to someone else, or re-purposing it, this is usually enough to make sure you're not exposing any old skeletons.

But for deleting individual backup archives on disk to make room for new ones, the best way to make sure they're gone forever is to use a secure delete program that overwrites the deleted file, or the free space on the drive after it's gone, with random binary data. Mac OS X Lion includes a “Secure Empty Trash” feature, and there are a variety of Windows and Mac OS utilities available that provide the capability as well, such as Eraser for Windows. There are also command-line tools, such as the srm Unix command-line tool included in Mac OS X and Sysinternals' sdelete for NTFS file systems, which use the Gutmann method of secure file deletion—overwriting a file 35 times with different patterns of binary data to totally obliterate it. The Gutmann approach is overkill, however: researchers showed in 2008 that there was no need to do that sort of repeated overwrite to securely delete files, and that a single overwrite is sufficient.
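A single-pass overwrite of one backup archive, as described above, can be sketched as follows. This is an added example, not code from the article or from any of the tools it names; the function names are hypothetical, and it assumes a conventional hard disk with a filesystem that writes in place (on SSDs and on copy-on-write or snapshotting filesystems the old blocks can survive an in-place overwrite).

```python
import os
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB pieces so large archives don't fill RAM


def overwrite_file(path, chunk=CHUNK):
    """Overwrite every byte of `path` in place with random data, once.

    Returns the number of bytes written. The file keeps its name and size.
    """
    size = os.path.getsize(path)
    written = 0
    # "r+b" opens for in-place writing without truncating, so the new bytes
    # are directed at the blocks the file already occupies.
    with open(path, "r+b") as f:
        while written < size:
            n = min(chunk, size - written)
            f.write(os.urandom(n))
            written += n
        f.flush()
        os.fsync(f.fileno())  # push the overwrite out of the OS cache
    return written


def secure_delete(path):
    """Single-pass overwrite, then rename to a random name and unlink."""
    overwrite_file(path)
    directory = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(directory, os.urandom(8).hex())
    # Rename first so the entry that is removed no longer carries the
    # archive's original name.
    os.rename(path, anon)
    os.remove(anon)


def demo():
    """Constructed sample: a fake archive filled with a recognisable marker."""
    marker = b"CONSTRUCTED-SAMPLE-TAX-RETURN"
    fd, path = tempfile.mkstemp(suffix=".bak")
    with os.fdopen(fd, "wb") as f:
        f.write(marker * 1000)
    overwrite_file(path)
    with open(path, "rb") as f:
        marker_survived = marker in f.read()
    secure_delete(path)
    return marker_survived, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

The check in `demo()` re-reads the file through the filesystem, so it confirms the logical contents changed; it cannot prove what remains on the physical medium.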

Beat it with a hammer

I've had a few backup drives fail on me over the past few years, including one unfortunate incident involving a cat in my network closet. The first instinct with these may be to simply toss them in the trash.

But that instinct can put the data still intact on the drive at risk. While it's very unlikely that someone hanging out at the dump—or, preferably, your local e-recycling operation—is going to pick your crashed drive to search for personally identifiable data, there's always room for paranoia.

There are a couple of ways to destroy data on a failed backup drive. The National Institute of Standards and Technology's Guidelines for Media Sanitization (PDF) recommends disintegrating, shredding, or pulverizing hard disks to destroy them, or burning them in “a licensed incinerator.”

For those of us without a licensed incinerator, simply opening up the drive case and beating the platters with a hammer will probably suffice. Some commercial e-disposal companies, such as Security Engineered Machinery and e-End, will demagnetize and shred drives for you.

Put it in the cloud

Of course, you can pass off all these problems to someone else if you're using a cloud-based backup service—providing, of course, their terms of service include provisions for secure destruction of data when you're done with it.

Major online backup providers like Mozy and Carbonite encrypt backup data in transit and at rest. If you want to build your own cloud backup service, Amazon's Simple Storage Service also provides for encryption. And it's unlikely that anyone will ever have physical access to the drives with your data on them when you use these services, since the data centers that they reside in have strict guidelines on decommissioning storage, according to the companies.

There are lots of reasons to prefer having a local backup instead of depending on a cloud service. But if you're trying to get someone a bit less technical to just do backups in the first place, using a cloud backup service at least gets you out of having to manage their data lifecycle—at least until they decide it's time to buy a new computer.

Listing image by Photograph by Michael Dorausch
