The integration of data collection and analysis tools into modern manufacturing environments has revolutionized how companies operate, while also creating new cybersecurity challenges. While manufacturers rarely gather personal information, their systems and devices capture, process, and store information using a variety of inputs and media. This data is located not only on designated storage media, but also within devices used to create, process, and transmit this information. These systems and devices are often filled with sensitive data that may be valuable to cyber criminals. This risk is forcing manufacturers to implement media protection policies to mitigate the risk of unauthorized information disclosure, maintain confidentiality, and ensure production equipment is insulated from other forms of exploitation.

Information must be maintained in a manner that protects its confidentiality and integrity while making it available for authorized use. Media Protection security principles are established in NIST SP 800-53. Security controls related to media protection include media: i) policies and procedures, ii) access, iii) marking, iv) storage, v) transport, vi) sanitization, vii) use, and viii) downgrading. (SP 800-53, Appendix F-MP).

These principles provide a set of procedures that ensure all information is properly safeguarded. But what happens when a storage device needs to be replaced? When systems, devices, and storage media become obsolete or no longer required, it is important to ensure that residual magnetic, optical, electrical, or other data that has been deleted is not easily recoverable.

virtual trashcan graphic

What is NIST 800-88?
NIST SP 800-88 Revision 1 provides guidance to assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information.

What is media sanitization?
Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort. Information disposition and sanitization decisions occur throughout the information system life cycle.

What is data destruction?
The process of destroying data that is stored on your hard drives, tapes and other electronic media, in a manner that the data is no longer readable. This prevents unauthorized users from accessing your sensitive information after a piece of hardware has been repurposed or decommissioned. While simply deleting the data will make it inaccessible to your operating system, a skilled hacker would be able to easily retrieve the information unless more drastic measures are taken.

We can help you improve your media protection policies by offering clear data destruction recommendations that are efficient and cost-effective. Information disposal, media disposal, storage security, purge, and media sanitization all relate to media protection decisions. Our cybersecurity specialists understand the ins and outs of data security and will work with you to create a program that can ensure your storage devices are properly managed throughout their operational lifespan.

Selecting the right data destruction method.

When an IT asset is on the verge of retirement, it’s important to consider how your information security team will deal with the stored data. If your company relies on a third-party cybersecurity service provider, it’s essential to verify the exact data destruction processes they’re using.

A lack of visibility can leave your business open to a range of potential risks, including data theft and credential exploitation. At Certitude Security, we work alongside your internal or external IT team to evaluate the data destruction measures being deployed, and provide comprehensive guidance to maintain your information security. Some of the data sanitization measures we advocate for include:

Data destruction software

This method of data erasure fills the available space on your storage devices and media equipment with a random pattern of ones and zeros, overwriting any sensitive information they contain. While this form of on-site data destruction may require some IT investment, it allows your company to directly oversee every step of the process.


This form of data destruction is specially designed to eradicate information from magnetic storage tapes and disk drives by altering the devices’ magnetic field. The benefit of this approach is that it allows you to reuse tapes that do not have prewritten tracks. Additionally, degaussing can be used to erase data stored on hard drives and other computing equipment, which may be the most cost-effective option.

Physical destruction

If your manufacturing company deals with sensitive or classified information, physically destroying your storage devices may be the best approach. This method is often considered the most effective means of protecting your data and is usually achieved through shredding storage tapes, hard drives and optical media.

Improving your media and data protection strategies.

End-to-end data protection is essential to manufacturers of all sizes, which is why it’s important to choose a data destruction company that aligns with your company’s operational scope and business objectives. Narrowing down your options can be a challenge, as every company has different standards, costs and disposal methods. Ensuring that the data stored on your equipment is properly wiped or destroyed is crucial, so be sure to verify the credibility of your service provider and ask for a certificate of destruction for each device you send out.

We continue to observe manufacturers who overlook the general process of removing data from storage media, in a manner consistent that there is reasonable assurance that the data may not be easily retrieved and reconstructed.

We have years of experience with media protection and data destruction, which enables us to locate comprehensive solutions that match your unique needs. We help our clients maintain strong information security by ensuring data destruction companies and external IT teams uphold best practices that will protect your data in the long term.

Data-bearing devices are sanitized and verified to NIST SP 800-88 R1 requirements per NIST SP 800-53 CSF
Meets the NIST 800-88 federal guidelines for media sanitization

If you’re interested in learning more about our media protection services, contact us today.

Schedule Your Consultation