Data Delete Frequently Asked Questions
December 2020

What is Data Delete?

Data Delete lets authorized users delete some or all sensitive data on a device’s hard drive. If one of the devices you manage is stolen, you can initiate a Data Delete request so that any sensitive data is deleted the next time your device connects to the Absolute Monitoring Center. You can also use the Data Delete feature for lifecycle management to ensure that devices are left clean and free of sensitive data at the end of their life or lease.

Users who are assigned to only one Device Group can perform a Data Delete operation on only those devices that belong to the Device Group.

How do I get authorization to use Data Delete?

The Data Delete permission must be assigned to your role. If you are assigned the System Administrator, Security Administrator, or Security Power User role, you have the required permission to perform a Data Delete operation. You may also have the required permissions if your account includes one or more custom roles that are granted the Data Delete permission and a custom role is assigned to you.

To view role permissions, log in to the Absolute console and go to User Management > Roles in the Settings area.

What safeguards are in place to ensure that only authorized users can start Data Delete?

A number of safeguards are in place to prevent unauthorized access to the Data Delete feature.

- The logged-in user must be assigned to a role that is granted the Data Delete permission.
  NOTE Security Power Users can only perform security operations on devices or device groups to which they are assigned.
- The logged-in user must have a unique emailed authorization code. Authorization codes are linked to specific users with security permissions, and are not interchangeable between different users in an organization or between different accounts.
- When you submit a Data Delete request, you’re prompted for your Absolute console password and the authorization code.
The password you enter here must match the password you used when you logged in to the Absolute console, and the users' email addresses must not have changed in the preceding 72 hours.

Can Absolute run Data Delete on my devices without my permission?

No. Absolute personnel cannot run Data Delete because doing so requires an emailed authorization code, which only you, the customer, possess. Also, when a user logs in to the Absolute console, a username and password associated with an authorized user are required for your account, neither of which Absolute personnel would know.

What is an emailed authorization code and how does it work?

An emailed authorization code is a unique, alpha-numeric code sent to the email address on file for the authorized user who submitted a request in the Absolute console. The authorization code is valid for two (2) hours after it’s issued, and is used for one Data Delete operation only. The user who requests the authorization code is the only person who can use it.

Confidential and Proprietary. Property of Absolute Software Corporation.

When I need to perform a Data Delete, how do I request an authorization code?

To request an authorization code:

1. Log in to the Absolute console as a user who is authorized to perform security operations.
2. On the quick access toolbar, click and then click Authorization Code.
3. On the Request Authorization Code page, click Request code.
4. Check your email for a message that contains your authorization code.

As an authorized user, how do I request a Data Delete?

What you do next depends on your situation.

- Is the device missing or stolen? If so, and if your Absolute product includes Investigation Reporting, you need to create a Data Delete Request before you create an Investigation Report. To create an Investigation Report, see Reporting devices missing or stolen in the console Help.
- If you’re requesting Data Delete on a device that’s ready for retirement or getting returned to a leasing company, you need to have an Ethernet connection before you can initiate Data Delete to perform an End of Life data wipe. For instructions, see the section titled “Viewing or Printing an End of Life Data Delete Certificate” in the Absolute User Guide.

To request Data Delete, do the following:

1. Log in to the Absolute console as a user who is authorized to perform Data Delete.
2. On the navigation bar, click .
3. On the Settings sidebar, click Data Delete.
4. Click Request Data Delete.
5. On the Request Data Delete page, enter all appropriate data, click Continue, and click OK.

For more information about requesting Data Delete on your devices, see the section titled “Requesting a Data Delete Operation” in the Absolute User Guide.

When I submit a Data Delete request, am I notified when the Data Delete operation is complete?

Yes. Emails are sent to the requester at three different points during a Data Delete request’s lifecycle:

- when a Data Delete is requested and its status is set to Set, Awaiting Call
- when the agent calls and the Data Delete status is set to Launched
- when the Data Delete completes, the log file is uploaded and the Data Delete status is set to Complete

Each email contains details about the device, the deletion options, the status, and the requester.

Can I recover the data from fixed disks or magnetic media after it’s deleted?

No. The data is not recoverable. For all desktop or laptop devices, the Data Delete operation uses an algorithm that far exceeds the recommendations documented by the United States National Institute of Standards and Technology (NIST). For more information, see NIST Special Publication 800-88 Rev. 1 Guidelines for Media Sanitization.
The NIST 800-88 document provides specifications for wiping disk storage to guarantee that all data previously contained on the magnetic media is erased permanently.

Most often, when you delete a file on managed devices, the device doesn’t actually remove the contents of the file, but instead unlinks the file from the file directory system, thereby leaving the contents of the file in the disk sectors. The data remains there until the operating system reuses these same sectors when writing new data to the media. Until the old data is overwritten (which may take months or even longer) you can recover it by using various programs that read disk sectors directly, such as forensic software. In addition, even when a sector is overwritten, the phenomenon of data remanence (the residual magnetism or physical representation of data that was erased in some way) can render deleted data forensically recoverable.

To make sure that a file was deleted correctly, it’s necessary to overwrite the data sectors of that file. It’s not sufficient to erase or reformat the drive, because there are numerous tools available to recover “lost” data on disk drives.

The NIST 800-88 specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then by writing its complement value (0xff) once, and finally by writing random values once.

Absolute’s Data Delete feature offers Data Overwrite functionality that deletes the specified data and overwrites it with random or garbage data to make the original data impossible to recover. Data can be overwritten one (lowest level of security), three, or seven times (highest level of security). This overwrite process is called a data wipe. For more information about the data wipe options available to you, see the section titled “Selecting Data Delete Options” in the Absolute User Guide.
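
The three-pass sequence described above (0x00, then its complement 0xFF, then random data), written out as an added Python example. It is not Absolute's code; the function names, the chunk size and the truncate, rename and unlink cleanup are assumptions made for illustration.

```python
import os
import secrets

CHUNK = 64 * 1024  # assumed block size; keeps memory use flat for large files

def overwrite_pass(fd, size, fill):
    """Overwrite bytes [0, size) once; fill is a byte value, or None for random."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if fill is None else bytes([fill]) * n
        remaining -= os.write(fd, block)  # os.write may write fewer than n bytes
    os.fsync(fd)  # flush this pass to the device before the next one starts

def verify_pass(fd, size, fill):
    """Read back and confirm every byte equals fill (logical check; may hit cache)."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(fill) != len(data):
            return False
        remaining -= len(data)
    return True

def wipe_file(path, schedule=(0x00, 0xFF, None)):
    """Overwrite path in place once per schedule entry, then remove it.

    Default schedule: fixed value, its complement, then random data.
    Returns the number of bytes overwritten in each pass.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)
    try:
        for fill in schedule:
            overwrite_pass(fd, size, fill)
            if fill is not None and not verify_pass(fd, size, fill):
                raise OSError(f"read-back mismatch after 0x{fill:02x} pass")
        os.ftruncate(fd, 0)  # leave no length metadata behind
    finally:
        os.close(fd)
    # Assumed cleanup: give the entry a random name before unlinking it,
    # so the original file name is not what remains in the directory slot.
    scrubbed = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, scrubbed)
    os.remove(scrubbed)
    return size
```

In-place overwriting reaches the original sectors only where the file system and drive write in place, which matches the magnetic media this answer discusses; flash storage with wear leveling and copy-on-write file systems may keep older copies elsewhere.
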
Depending on the option selected, Absolute’s deletion algorithm meets or exceeds the NIST 800-88 standard by overwriting the data and performing additional operations. For example, when you select the option to perform seven (7) data wipes, the algorithm performs all of the following actions:

1. Overwrites the target area seven times: the first six passes write an alternating pattern of 1s and 0s, and the final pass writes a random value.
2. Writes random data to the file.
3. Changes the file attributes to directory.
4. Changes file date and time stamp to a fixed value.
5. Sets the file size to 0.
6. Changes the file name to a randomly generated file name.
7. Removes the new file name from the directory.

Does Data Delete adhere to the US Department of Defense 5220.22-M Magnetic Media Sanitizing Standard?

No. There are no software-only solutions that adhere to this standard because it requires physical destruction of the media by disintegrating, incinerating, pulverizing, shredding, or melting the disk drive.

The National Industrial Security Program (NISP) is the nominal authority in the United States for managing the needs of private industry to access classified information. A major component of the NISP is the NISP Operating Manual, also called NISPOM, and also known as the Department of Defense Manual 5220.22-M. The NISPOM establishes the standard procedures and requirements for all government contractors with regard to classified information.

In the media sanitization context, DoD 5220.22-M is often cited as the standard for data sanitization. The NISPOM document, that is the 5220 specification, covers the entire field of government-industrial security, of which data sanitization is a very small part: about two paragraphs in a 141-page document.