• Company-related data must not leave the building – Data Loss Protection (DLP)
  • Certified and complete volume deletion only after EAL3 + secure

The General Data Protection Regulation (DSGVO), which comes into force in May 2018, requires companies to legally ensure that personal data is securely erased on every storage medium and proof of this is provided. For this purpose, systemic measures must be taken (Data Loss Prevention (DLP) approach).

With § 17 of GDPR the so-called "right to be forgotten" became codified entry into European data protection law. This is a comprehensive right to delete all data or to a person on the Internet. The right to delete is not new, but there are many new things to keep in mind.

The “right to be forgotten” had become the focus of public attention following the ruling of the European Court of Justice of 13.05.2014 (ECJ C 131/12), following the complaint of a Spanish private individual.

The General Data Protection Regulation does not specifically define the term "deletion". The decisive factor is that, as a result, there is no longer any possibility of using the data without disproportionate effort.

It is sufficient

  • The disks are physically destroyed
  • Delete links or encodings
  • For rewritable data carriers (e.g., a hard disk), if necessary, use special deletion software

It is not enough

  • Easy to dispose of media, so throw it in the trash
  • To take purely organizational measures

Powerful cleanup software eliminates any digital format (files, folders, partitions, file systems, disc sectors, etc.) on any storage media that can be connected to a PC, Mac or server. Upon deletion, all data is overwritten. Sector by sector of the storage medium, according to the selected deletion pattern. Subsequently, the erasure result is checked and verified according to the specifications.

A data wiping environment should cover the various uses of storage media such as hard drives and flash memory of all types. Cloud-based management functionality enables secure, forensically verifiable, comprehensive and transparent data deletion results, hardware auditing and deletion reports across all storage platforms through cost-effective services.

A cloud-based DLP approach, as well as the certified data erasure process, should meet the most stringent IT security requirements of the CCRA International Convention, also known as the Common Criteria Recognition Arrangement (ISO 15408).

The EU’s highest level of EU data erasure security auditing (EAL3 +) must be complied with, which complies with Common Criteria requirements.

Secure deletion of all types of storage media

There are currently 13 cleansing patterns from the Linux world. After deletion, the most recent information on the device will be removed. This also corresponds to the method known as Degaussen. After that, it is no longer possible to recover the previous data, no matter what data recovery methods are used. This result is achieved by ensuring that the deletion processes are strictly controlled and that all sub-processes are included. This cannot be corrupted, thanks to the internal security mechanisms and the success control after completing the procedure. The procedure was certified as EAL3 + according to the Common Criteria, the highest level of security in Europe.

In addition, the user needs different exportable report formats, including XML, HTML, XLS, and PDF. This includes locating, sorting, or selecting and exporting the deletion or hardware information needed for reporting, depending on common file formats such as XML and PDF.

Cloud-based reporting in all file formats

"A certified delete and verify process is essential to protect intellectual property, corporate know-how, or IP, especially when storage media (hard drives, USB flash drives, memory cards) leave, relocate, sell, or transfer company doors Storage devices are spied out or transferred unattended”, says Robert Brunner.

"Especially after an infection or an attack, IT systems often have to be re-deployed. A certified data erasure such as the Certus Cloud Certified Data Erasure Solution verifiably ensures that all locations of the affected systems have been cleaned and erased, and thus secure," explains Wolfgang David, VP Sales at Certus Software.

Tested security, data deletion on EAL3 + level

The security level that should ensure the data erasure solution is EAL3 +, the Common Criteria for Information Technology Security Evaluation (called CC for short) or also known as ISO / IEC 15408. This is the highest IT security evaluation assurance level (EAL) from the EU for data erasure software.

This has the Common Criteria R.A. (CCRA), an agreement of 26 different governments around the world, with the aim of raising the requirements of ISO 15408 and the mechanisms of mutual recognition. In the US, this is the National Information Assurance Partnership (NIAP), which determines the national CCRA, known as CCEVS.

Secure cloud-based deletion

The deletion with their management cockpit should also be safe in the cloud. It is important to ensure access and their Internet connection: to the highest standards, secured by an encrypted connection according to the TLS v1.2 protocol, the successor of SSL encryption as for VPN and secure surfing.

Links:

Über die Certus Software GmbH

Certus Software develops and operates Certified Data Erasure Solutions (Certified Data Erasure Solutions) software for all types of data storage devices. Developed and certified within the EU, its unique cloud-based management functionality enables comprehensive, forensically-verifiable data deletion through cost-effective and certified services that comply with internationally recognized security standards, such as the CC EAL3 +.

Embedded in the Cloud portal of Certus Cloud Certified Data Erasure offers from the outset, through its functional user interface, the possibility of multiple user input and reporting options.

The mission of Certus Software is to provide transparency and traceability of the past information related to the deletion and to ensure each customer certified protection of confidential data of a storage medium with complete data erasure.

Corporate video: https://certus.software/media/Certus_Image_EN.mp4

Firmenkontakt und Herausgeber der Meldung:

Certus Software GmbH
Tattenbachstrasse 1
86179 Augsburg
Telefon: +49 (821) 6506880
http://www.certus.software

Ansprechpartner:
PR/Press Contact Certus Software
Telefon: +49 (821) 661090-30
E-Mail: certus@bimpress.de
Ruud de Wildt
Telefon: +49 (821) 650688-0
E-Mail: pr@certus.software
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.