1. Beef up your data security with
certified data erasure solutions
Constantin Buda
2. Presentation Agenda
1. Why protect your data?
2. Blancco’s expert credentials
3. What do you need to erase today?
4. Blancco’s certified data erasure
solutions
5. Discussion/Demo
3. Why protect your data?
• Background:
• New advancement in technologies
• Where is the data stored?
• Explosion of social media
• Increase use of smartphones
4. Why protect your data?
• What data should be protected?
• Who is responsable for data loss?
• What data should be erased?
• Certified versus non-certified
6. Who arewe tospeak? Why Blancco
canclaim to bethe globalleader
• Certified data erasure
software
• Blancco has over 10
years experience with
both public and
private sector
organisations
• Millions of licenses
used worldwide with
tens of thousands of
assets erased daily
BLANCCO IS THE MOST CERTIFIED
AND RECOMMENDED PROVIDER
7.
8. Half of the Fortune Global Top 10
companies use Blancco
12. Blancco’s secure data erasure
• Blancco uses software-based
overwriting that destroys all
electronic data.
• Overwriting goes beyond file
deletion commands which only
removes direct pointers to the
actual files.
• Physical destruction, which render
the disk unusable, data erasure
removes all data while leaving the
hard drive operable.
16. Blancco LUN Eraser
• A datacenter has many hard drives
• All of these hard drives can be grouped
together into one big „cloud“ for easier
handling.
• However, now we can only see one
giant „logical“ unit instead of all of the
individual hard drives.
• The Blancco LUN Eraser can be used to
overwrite any detected drive including
IDE, SCSI, FC, and iSCSI.
17. Nobody can tell exactly which physical hard
drives belong to a particular LUN, but with
Blancco, we know that they are all securely
overwritten.
LUN 1
LUN 2
LUN 3
LUN 4
LUN 5
LUN 6
18. • Instead of rebuilding and configuring a LUN
structure, the Blancco LUN Eraser allows the
reuse of an existing structure.
• This solution is designed to run in an
operating active environment by the
administrator/technician. No reboot or
downtime is necessary.
•All international erasure standards are
supported
•Blancco automatically generates an erasure
report
Benefits
20. Blancco Mobile
• Increased amount of data stored on
mobile/smartphones
• Smartphone market is incrasing
• Eventually all phones will become
smartphones
• More of your data/privacy is exposed
21. Benefits
• One solution for several
hundred mobile devices
• One unified reporting &
sending to MC
• Unified process model for
saving time and labor costs
• Only data is erased. Mobile
phone restored to factory
state!
24. Blancco software is used to provide
you with thefollowing benefits:
• Increased data security. Assuring
regulatory compliance
• Minimized environmental impact
• Creation of alternative revenue streams
• Reduced costs with faster, cheaper and
improved processing of IT assets
26. What should asecure data erasure
policy contain?
3 CRITERIAS FOR DATA ERASURE:
• ERASURE
– Certifications
– 18 supported data erasure standards
• REPORTING
– Erasure reports from every erasure
– Justice for IT Manager
• AUDITING
– Erasure process must be supervised –
internal checks
– All reports to one database
27. Thanks for your time!
Please feel free to ask questions and comment on Blancco and data erasure.
You can also learn more at www.blancco.com or
www.dataerasure.com
Constantin Buda
Manager East Europe
Blancco Oy Ltd
Mobile: +358 440 334 556
Email: constantin.buda@blancco.com
Editor's Notes
The new legislation will clarify which law applies to a company active in several Member States.
Data can be collected in Germany, stored in India and processed in the United States.
EU data security rules will be strengthened and made more consistent, under new legislation being drawn up by the EU Justice Commissioner, Viviane Reding. Her proposals cover the full range of internet-based activities, from cloud computing and social media to banking and finance. They even include the consideration of establishing a “right to be forgotten” online.
Viviane Reding Vice-President of the European Commission EU Justice Commissioner Your data, your rights: Safeguarding your privacy in a connected world Privacy Platform "The Review of the EU Data Protection Framework" Brussels, 16 March 2011
Directive 2002/58/EC is concerning the processing of personal data and the protection of privacy in the electronic communications sector.
In mid-November 2011, the European Commission will publish the new version of its Data Protection Directive, the legislation on which the Data Protection Act is based, and among the new measures will be instructions on data processing.
This will install a 'mandatory data breach disclosure' law covering every organization in the public and private sectors.
Data Protection Directive will include a ‘binding safe processor rule', whereby data owners will not be liable for loss at the hands of a cloud provider.
Peoples’ rights need to be built on four pillars:
The first is the “right to be forgotten”: The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data rather than individuals having to prove that collecting their data is not necessary.
The second pillar is "transparency". It is a fundamental condition for exercising control over personal data and for building trust in the Internet.
Individuals must be informed about which data is collected and for what purposes. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated. They must be told about the risks related to the processing of their personal data so that they don't loose control over their data or that their data is not misused.
The third pillar is "privacy by default". Privacy settings often require considerable operational effort in order to be put in place. Such settings are not a reliable indication of consumers' consent. This needs to be changed.
The "privacy by default" rule will also be helpful in cases of unfair, unexpected or unreasonable processing of data – such as when data is used for purposes other than for what an individual had initially given his or her consent or permission or when the data being collected is irrelevant. "Privacy by default" rules would prevent the collection of such data through, for example, software applications. The use of data for any other purposes than those specified should only be allowed with the explicit consent of the user or if another reason for lawful processing exists.
The fourth principle is "protection regardless of data location". It means that homogeneous privacy standards for European citizens should apply independently of the area of the world in which their data is being processed. They should apply whatever the geographical location of the service provider and whatever technical means used to provide the service. There should be no exceptions for third countries' service providers controlling our citizens' data. Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.
For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.
Stakeholders at a recent public consultation on data protection asked me to make clear that our data protection rules also apply to data retention. Storage of data is already included in the broad definition of "processing" but the general public is unaware that processing includes storing / retention.
One of the grounds for data retention is law enforcement. This brings me to the role of the police and judicial cooperation in criminal matters and the data protection rules that should be applied in this area to eliminate any potential gaps and inconsistencies and to ensure a high level of protection.
Blancco is the most certified and recommended provider meeting 16 of the most respected standards including certifaction, reccommendation or approval by;
NATO – The North Atlantic Treaty Organisation
DoD – USA Department of Defense
NSTL – National Security Testing Lab
TUV – Rheinland
CESG – Communications Electronic Security Group
INFOSEC – The Defence INFOSEC Product Co-Operation Group of the UK
AIVD – Netherlands National Communication Security Agency
NSM – The Norwegian National Security Authority
AWB – The Polish Internal Security Agency
RITEA – Blancco is certified by Japan’s Refurbished information Technology Equipment Association
ORNISS- Blancco is included on teh Romanian NSA security cathalogue
NBU- Czech NSA reccomends Blancco
-Last year Blancco applied for Common Criteria testing and certification. Common Criteria certification EAL3+
-CC is also known as ISO 15408
Blancco uses software-based overwriting that completely destroys all electronic data on a hard drive or other digital media.
Permanent data erasure goes beyond basic file deletion commands which only removes direct pointers to the actual files and makes data recovery possible with common software tools.
Unlike degaussing and physical destruction, which render the disk unusable, data erasure removes all information while leaving the hard drive operable, preserving the assets and the environment.
Blancco sales will consult on finding the best solution that fits with the customers needs, type of hardware and process. Typically licenses are sold on an enterprise/organisational basis with options for time, data volume, hardware units and number of seats/workstations available. Comprehensive service package available.
Management console it enebles you to gather, manage and audit your reports. Furthermore you can export, import, sort the reports. It is a great tool to control your entire erasure process.
I am proud to tell you that Blancco offers you this security option for your data erasure processes.