Data at rest refers to data stored on media such as hard drives, removable media, or backup tapes. Data at rest can be encrypted for protection.
Data in motion or data in transit refers to data that is moving or being transmitted to another device. Two concepts are presented in the CBK that relate to protecting data in motion:
- End-to-end encryption – encryption established between the two endpoints, as typically seen when accessing a website over HTTPS: the session is encrypted between the web server and the user’s device. Certain information, such as routing information, remains visible to eavesdroppers.
- Link encryption – a process that decrypts and re-encrypts the data packet at each node along the path. Routing information is invisible to eavesdroppers on the link, because the whole packet, headers included, is encrypted between nodes.
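The following Python simulation is an added illustration of the two concepts above; it is not from the CBK or the original notes. It models a constructed packet (routing header plus application payload) crossing hypothetical hops client, router-A, router-B and server, and reports what a wiretap on a link and what an intermediate router can read under each scheme. The cipher is a SHA-256 counter-mode keystream standing in for TLS or a link cipher, constructed for the demonstration only.

```python
import hashlib
import os

# Toy stream cipher: SHA-256 run in counter mode over (key, nonce, counter).
# Constructed for this illustration as a stand-in for TLS or a link-layer
# cipher; it is not a vetted construction and is not for real use.
def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range(blocks)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed packet: routing information the network needs, plus app data.
HEADER = b"SRC=10.0.0.5 DST=203.0.113.10 PORT=443 "
PAYLOAD = b"account=4417 transfer=250.00"
PATH = ["client", "router-A", "router-B", "server"]  # hypothetical hops

def end_to_end() -> dict:
    """Only the endpoints hold the session key; the payload is encrypted once
    and the same frame travels every link unchanged, header in the clear."""
    session_key = os.urandom(32)
    frame = HEADER + xor_crypt(session_key, b"session", PAYLOAD)
    on_wire = frame        # identical on every link between the endpoints
    at_routers = frame     # routers forward it without decrypting anything
    return {
        "eavesdropper_sees_header": HEADER in on_wire,
        "eavesdropper_sees_payload": PAYLOAD in on_wire,
        "router_sees_payload": PAYLOAD in at_routers,
    }

def link_encrypted() -> dict:
    """Each link has its own key; every node decrypts the whole frame (header
    included) to read the routing information, then re-encrypts for the next
    link. Nothing is readable on the wire, but every node holds the cleartext."""
    link_keys = {(PATH[i], PATH[i + 1]): os.urandom(32) for i in range(len(PATH) - 1)}
    frame = HEADER + PAYLOAD   # the application itself sends cleartext
    wire_captures, node_cleartext = [], []
    for i in range(len(PATH) - 1):
        key = link_keys[(PATH[i], PATH[i + 1])]
        ciphertext = xor_crypt(key, b"link", frame)
        wire_captures.append(ciphertext)             # what a tap on this link sees
        frame = xor_crypt(key, b"link", ciphertext)  # receiving node decrypts
        if PATH[i + 1] != "server":
            node_cleartext.append(frame)             # intermediate node's view
    return {
        "eavesdropper_sees_header": any(HEADER in c for c in wire_captures),
        "eavesdropper_sees_payload": any(PAYLOAD in c for c in wire_captures),
        "router_sees_payload": any(PAYLOAD in f for f in node_cleartext),
    }

if __name__ == "__main__":
    print("end-to-end:", end_to_end())
    print("link:      ", link_encrypted())
```

Running it shows the trade-off the CBK describes: end-to-end leaves the header readable on every link but the payload readable to nobody in between, while link encryption hides everything on the wire at the price of exposing the payload inside each node, so the security of the intermediate nodes becomes part of the trust model.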
Data in use refers to data in process or data that is being used by an application or function. Since data in use is cleartext, the use of an enclave is recommended. A secure enclave is an isolated component of the architecture that allows data in use (cleartext) to be protected from other less protected parts of the architecture.
Pervasive encryption is something that IBM is developing that could theoretically encrypt data in use or data in process.
Data Remanence
Data remanence is the data that remains on media after deletion, which creates a risk of recovery. To mitigate the risk of malicious data recovery, physical destruction is always the best method. Several other terms describe ways of dealing with remanence:
- Clearing
- Purging
- Destruction
- Degaussing
- Sanitizing
- Overwriting
- Wiping
- Encryption
Let’s try to simplify this. There are basically three categories of dealing with data remanence:
- Clearing
- Purging
- Destruction
Clearing is a strong method of data removal; typically it involves wiping or overwriting the data with zeroes or ones. Data may still be recoverable under this method.
Purging is a stronger, permanent method that can include sanitizing or degaussing (exposing the media to a strong magnetic field); data is not considered recoverable by any known method.
Destruction is the strongest method and includes shredding, pulverizing, burning, and encryption.
To memorize this, repeat the phrase “Cow, Pig, Sow,” or “CP SOW.” Repeat it again and think of a farm you visited or one that you saw in a movie. Now repeat the following mnemonic:
Clearing Can (be recovered)
Purging is Permanent
Sanitizing is the Same (as purging)
Overwriting with Oh’s
Wiping is Writing (overwriting, that is)
Notice how the letters match to help you remember. It seems silly, yes, but this is the key.
So here’s the phrase to keep repeating, once again:
Cow Pig Sow; CPSOW, Clearing Can, Purging is Permanent, Sanitizing Same, Overwriting Oh’s, Wiping is Writing. Repeat this over and over, and consider copying it onto a memorization sheet.
Cloud-based data remanence can be addressed through encryption.
When it comes to non-magnetic drives, such as solid state drives (SSDs), the best method (aside from physical destruction) is a combination of overwriting, purging, and encryption, or crypto-erase, which means encrypting the drive and then throwing away or destroying the key.
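The simulation below is an added example, not part of the original notes, covering both the clearing/purging/destruction distinction above and the SSD crypto-erase point. It builds a constructed block device with a directory and shows what a raw read of the media still finds after an ordinary delete, after clearing (overwriting) on a simple disk, after clearing on a disk with flash-style wear levelling (where the host's overwrite lands in a fresh physical block), and on a self-encrypting disk before and after crypto-erase. The per-drive key is a random one-time pad standing in for the AES key a real drive holds. The model covers the logical layer only: it cannot show residual magnetism on cleared magnetic media, which is why the notes rank purging above clearing.

```python
import os

BLOCK_SIZE = 16
DISK_BLOCKS = 32

class ToyDisk:
    """Flat media of fixed-size blocks plus a directory, constructed to show what
    a raw read of the media still recovers after delete, clear and crypto-erase."""

    def __init__(self):
        self.media = bytearray(BLOCK_SIZE * DISK_BLOCKS)
        self.directory = {}    # file name -> list of logical block numbers
        self.next_free = 0

    def _store(self, block, chunk):   # hook: put one block on the media
        self.media[block * BLOCK_SIZE:(block + 1) * BLOCK_SIZE] = chunk

    def _load(self, block):           # hook: get one block back
        return bytes(self.media[block * BLOCK_SIZE:(block + 1) * BLOCK_SIZE])

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK_SIZE):
            self._store(self.next_free, data[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0"))
            blocks.append(self.next_free)
            self.next_free += 1
        self.directory[name] = blocks

    def read(self, name):
        return b"".join(self._load(b) for b in self.directory[name]).rstrip(b"\0")

    def delete(self, name):
        """Ordinary deletion: the directory entry goes, the blocks keep their bytes."""
        del self.directory[name]

    def clear(self, name):
        """Clearing: overwrite every block of the file with zeroes, then delete it."""
        for b in self.directory[name]:
            self._store(b, bytes(BLOCK_SIZE))
        del self.directory[name]

    def raw_scan(self, needle):
        """What a forensic read of the raw media finds, ignoring the directory."""
        return needle in self.media

class WearLevelingDisk(ToyDisk):
    """Flash behaviour: rewriting a logical block lands in a fresh physical block
    and the old cells keep their contents until the controller erases them, so a
    host-side overwrite never reaches the original copy."""

    def __init__(self):
        super().__init__()
        self.mapping = {}      # logical block -> current physical block
        self.next_physical = 0

    def _store(self, block, chunk):
        self.mapping[block] = self.next_physical
        super()._store(self.next_physical, chunk)
        self.next_physical += 1

    def _load(self, block):
        return super()._load(self.mapping[block])

class SelfEncryptingDisk(ToyDisk):
    """Every block is XORed with a per-drive key before it touches the media, a
    one-time-pad stand-in for the AES key a real self-encrypting drive holds.
    Crypto-erase destroys that key instead of touching the media at all."""

    def __init__(self):
        super().__init__()
        self.dek = os.urandom(len(self.media))   # data encryption key (constructed)

    def _keyed(self, block, chunk):
        if self.dek is None:
            raise RuntimeError("key destroyed: media holds unreadable ciphertext")
        start = block * BLOCK_SIZE
        return bytes(c ^ k for c, k in zip(chunk, self.dek[start:start + BLOCK_SIZE]))

    def _store(self, block, chunk):
        super()._store(block, self._keyed(block, chunk))

    def _load(self, block):
        return self._keyed(block, super()._load(block))

    def crypto_erase(self):
        self.dek = None

def demo(secret=b"TOP SECRET: shutdown code 7781"):
    """Each value answers: can a raw read of the media still find the secret?"""
    out = {}
    d = ToyDisk(); d.write("plan", secret); d.delete("plan")
    out["hdd_delete"] = d.raw_scan(secret)            # True: classic remanence
    d = ToyDisk(); d.write("plan", secret); d.clear("plan")
    out["hdd_clear"] = d.raw_scan(secret)             # False at the logical layer
    w = WearLevelingDisk(); w.write("plan", secret); w.clear("plan")
    out["ssd_clear"] = w.raw_scan(secret)             # True: old cells untouched
    s = SelfEncryptingDisk(); s.write("plan", secret)
    out["sed_readable"] = s.read("plan") == secret    # True while the key exists
    out["sed_raw"] = s.raw_scan(secret)               # False: ciphertext at rest
    s.crypto_erase()
    out["sed_raw_after_erase"] = s.raw_scan(secret)   # False: still ciphertext
    try:
        s.read("plan"); out["sed_readable_after_erase"] = True
    except RuntimeError:
        out["sed_readable_after_erase"] = False
    return out

if __name__ == "__main__":
    for scenario, found in demo().items():
        print(f"{scenario:26} secret recoverable: {found}")
```

The ssd_clear result is the practical reason the notes recommend combining overwriting with purging or crypto-erase on SSDs: the host cannot address the physical cells that still hold the old copy, whereas destroying the drive's key makes every copy, mapped or stale, equally unreadable.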
A few more terms that you need to be aware of for destruction are:
- Use of corrosive chemicals
- Phase transition, which means that both temperature and pressure are applied in order to change the state of the drive
- Curie temperature, which applies to magnetic disks – heating the media to its Curie temperature, the point at which it loses its magnetic properties
Destruction methods are discussed in NIST Special Publication 800-88.
End of Life (EOL) and End of Support (EOS)
Retention policies, age of data, categorization, cost of storage, and method of disposal:
ISC2 talks about how our retention policies need to consider what happens to our data, especially when it is sitting on media such as magnetic tapes or zip drives that have already reached EOL/EOS and are no longer supported. We have to consider the classification and the categorization (impact) of the data. For example, if top secret data is sitting on a tape of some kind and there are only a dozen readers for that type of tape in the world, what is the risk of breach or exposure, and how does it need to be protected?
We also have to consider the categorization, or impact, of the data: whether the data on the unsupported tape could be used to cause harm to human life, or whether it has no impact on anything nowadays. This is essentially measuring and prioritizing the risk, as discussed in Domain 1.
These elements should factor into how we dispose of the data as well.
Note that national archives or libraries can keep up to sixty years of data available, so think about what storage methods should be used when considering the data’s availability; demand for the data should be considered as well.
The CBK mentions using a hybrid cloud architecture to address some of these issues, which is basically using more than one cloud provider. For example, if the data is old, but required to be available and not on unsupported magnetic tapes anymore, the data can be moved to a hybrid cloud architecture for production and replication.