Ensuring the privacy and confidentiality of data and that customer media is protected are strategic priorities at CenturyLink. That filters down into our chain of custody procedures when handling or transferring customer media and in our procedures for the sanitization and disposal of media. Here's a shocking observation from the National Institute of Standards and Technology (NIST) Special Publication 800-88, Rev.1 on a leading source of media vulnerability and what is needed to close the gap.
An often rich source of illicit information collection is either through dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or through keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information. Media flows in and out of organizational control through recycle bins in paper form, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it.
Part 3 of the Data Center series highlights the safety measures in place for digital and non-digital media in a CenturyLink data center. We've limited the scope to the safeguards around physical access to digital and non-digital media. Logical access to media is a topic for another day. Follow these links if you missed either Part 1: Physical Security or Part 2: Environmental Protection in the series.
Policy and Procedures
As we said in Part 1 of the series, it starts at the top. Physical protection of digital media in a data center is governed by CenturyLink Corporate Security which oversees the policies, processes, and work rules to ensure that all data centers operate under a consistent set of procedures and work guidelines. These help mitigate the possibility of operational failures, protect data center resources, and guide personnel in how to react safely, swiftly, and according to protocol in given situations. Compliance with security policies is mandatory for all employees, contractors, and third-parties.
Only designated groups of personnel in CenturyLink are permitted to handle digital media. They are authorized by their job functions to have physical access to tape media. As such, they are granted access to the facility, space, equipment, and containers through standard procedures in accordance with corporate policies. Specialized authorization controls who may handle media transfers. The names of people on that list are kept up to date and reviewed regularly.
Access to non-digital media is restricted through security measures as well. Corporate policy defines different information classification levels and protective measures for each level. Examples of some of these are clear desk measures or disposal of paper files through authorized recycling bins and shredding machines.
By policy we mark all external and internal removable media with bar codes. An example would be magnetic tapes. Tape numbers and bar codes are used to protect the confidentiality of the digital media and to facilitate both logging and tracking of the media. These types of media are stored in restricted areas inside the data center and protected by biometric access.
Magnetic tapes are used for long-term storage of customer data. Data on the tapes are encrypted and kept in secured areas of the facility. Access to restricted areas require a proximity card or hand biometrics to ensure only authorized employees can gain physical access. FIPS-level encryption is also available to customer environments. While our customers are responsible for their data requirement, they can extend that responsibility to CenturyLink through contract to ensure their data is protected. Encryption strength is commensurate with the classification or sensitivity of the data.
In specific instances CenturyLink may use USB flash/thumb drives. However, the only files permitted to be stored on them are firmware images for network and storage devices. We always verify the information on the device hasn't been modified before using them. Devices of this type are stored in secured areas inside locked cabinets or in safes. When no longer needed, internal digital media is destroyed or sanitized.
Media handling procedures are defined by corporate security policy. We use authorized couriers when transport of digital or non-digital media between locations is required. The chain of custody is under tight control. A customer initiates the process of courier pick-up or delivery. The internal ticket contains all relevant customer information and instructions regarding exactly which tapes are to be retrieved from the local storage equipment. The media is pulled and placed into a locked container. The container is stored in a secured area of the facility until pickup.
Upon arrival, we validate the identity of the authorized courier prior to media transfer. Security personnel then retrieve the media from the secure area and check the media into our tracking system via the use of bar code label or media ID. Logs are signed when the secure container is handed over and received by the courier. The ticket request is then updated accordingly or closed. We follow a reverse process when returning media to the customer environment.
Media Sanitization and Disposal
The specific sanitization methods for different media types are defined in our corporate security policies. There are two aspect to this topic: CenturyLink and the customer.
We dispose of internal non-digital media following best practices to properly shred papers at authorized recycling bins according to the security level of information. When internal digital media is transferred, becomes obsolete, or are no longer usable or required, we logically sanitize media by reinitializing the header information to ensure that any residual magnetic, optical, electrical, or other data representation has been deleted.
Customers are responsible for their data requirement. As such, they remove, erase, and sanitize equipment before it is decommissioned or returned back to a storage resource pool. Customers can, however, offload that responsibility to CenturyLink through contract. In that case, we use an independent media sanitization team which then provides written confirmation to the customer of sanitization or destruction.
Media security of digital and non-digital media is an imperative at CenturyLink. Chain of custody is tightly controlled. As noted in the NIST publication above, media that have been improperly disposed of may represent a privacy and security breach. There are legal ramifications to that. A company could be looking at fines, penalties, and civil litigation. There is also the potential of damage to brand name and reputation in the marketplace. We ensure that the handling of media, privacy, and confidentiality are protected from end to end.
You can read more on the subject in our Security Implementation Guide. Check out the Advance Security we have for protecting your enterprise systems and data. We offer industry leading Colocation Services as well. Better yet, start with your free trial of CenturyLink Cloud today.