media sanitization [English]

Syndetic Relationships

InterPARES Definition

n. ~ Computing · A process to destroy data stored on media in a way that makes it irretrievable.


  • CNSS-4009 (†730 p.46): The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. (†1739)
  • Fernandes, et. al 2014 (†717 p.131-132): Sanitization is the process of cleaning or removing certain pieces of data from a resource after it becomes available for other parties. For example, deleting data has been a concern in distributed systems for a while now, to which monitoring, marking and tracking mechanisms have been employed for data discovery. Data sanitization is an important task in order to properly dispose of data and physical resources that are sent to the garbage. For instance, Google has destruction policies to physically wreck hard drives. However, deficient implementation of data destruction policies at the end of a lifecycle, may result in data loss and data disclosure, because hard disks might be discarded without being completely wiped or might not be wrecked at all because other tenants might still be using them. Hence, one can say media sanitization is hard or impossible due to resource pooling and elasticity in cloud environments. Since pooling and elasticity entail that resources allocated to one user will be reallocated to a different user at a later time, it might be possible for subsequent tenants to read data previously written. In fact, the media recently reported a case related with sanitization. Basically, cloud recycling, as it was termed, consists in reusing a cloud instance previously used by another customer. What was strange in the case was that of the instance being exposed to massive amounts of network traffic right after being lit up. It should have been zero. After the new customer investigated, it was found that an Internet Protocol (IP) address was maybe cached and that it belonged to an ad company that perhaps did not realized that IP was still part of their live infrastructure. The instance was nonetheless returned by the new customer. This case describes an innocent oversight that could render all cloud safeguards irrelevant if a bad actor happened to gain access to that instance. Pearson said there is a higher risk to customers when reusing hardware resources than dedicated hardware. (†1640)
  • Garfinkel and Shelat 2003 (†718 p.19-20): Most techniques that people use to assure information privacy fail when data storage equipment is sold on the secondary market. For example, any protection that the computer’s operating system offers is lost when someone removes the hard drive from the computer and installs it in a second system that can read the on-disk formats, but doesn’t honor the access control lists. This vulnerability of confidential information left on information systems has been recognized since the 1960s. Legal protections that assure data confidentiality are similarly void. In California v. Greenwood, the US Supreme Court ruled that there is no right to privacy in discarded materials. Likewise, it is unlikely that an individual or corporation could claim that either has a privacy or trade secret interest in systems that they themselves have sold. Experience has shown that people routinely scavenge electronic components from the waste stream and reuse them without the original owner’s knowledge. Thus, to protect their privacy, individuals and organizations must remove confidential information from disk drives before they repurpose, retire, or dispose of them as intact units—that is, they must sanitize their drives. The most common techniques for properly sanitizing hard drives include [1)]Physically destroying the drive, rendering it unusable, [2)] Degaussing the drive to randomize the magnetic domains—most likely rendering the drive unusable in the process, [and 3)] Overwriting the drive’s data so that it cannot be recovered. Sanitizing is complicated by social norms. Clearly, the best way to assure that a drive’s information is protected is to physically destroy the drive. But many people feel moral indignation when IT equipment is discarded and destroyed rather than redirected toward schools, community organizations, religious groups, or lesser-developed nations where others might benefit from using the equipment—even if the equipment is a few years obsolete. (†1641)
  • Kissel, et al. 2014 (†716 iii): Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. (†1637)
  • Kissel, et al. 2014 (†716 p.5): Media sanitization is one key element in assuring confidentiality. ... In order for organizations to have appropriate controls on the information they are responsible for safeguarding, they must properly safeguard used media. An often rich source of illicit information collection is either through dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or through keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information. Media flows in and out of organizational control through recycle bins in paper form, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it. (†1638)
  • Kissel, et al. 2014 (†716 p.1): The information security concern regarding information disposal and media sanitization resides not in the media but in the recorded information. The issue of media disposal and sanitization is driven by the information placed intentionally or unintentionally on the media. (†1639)