Monday, December 26, 2022

Data Destruction In The Cloud: What Really Happens?

One of the fallacies in the world of IT, especially among end users, is that once you delete a file, it is permanently gone.  While it may appear that way when you try to find it, the truth of the matter is that it is still lurking on your hard drive somewhere, in a partition that is not used as much. 

The only way to retrieve it is through some specialized means, which I am not totally familiar with.  In fact, that is exactly what forensics experts look for.  Have you seen those news shots where law enforcement is carrying stuff out of a house?

They are of course still collecting evidence from it, but the kind of evidence in question is known more specifically as “latent evidence”: information and data that has been erased, but whose remanence still remains.  From that remanence, forensics experts can then extract the data and literally reconstruct it back into its entire structure. 

In fact, thoroughly getting rid of data and information is an entire field in itself in Cyber, and there are many companies out there that are doing well in this business.  Technically, this is known as “Data Destruction”.

These companies have the tools and equipment to completely wipe your hard drives of anything and everything before they are discarded.  So, if you are trying to get rid of some old hard drives, or even other types of wireless devices that your company no longer needs, don’t simply toss them in the dumpsters outside.  Believe it or not, Cyberattackers still “Dumpster Dive” in search of such prized possessions.

To them, it is very often a challenge to break into the hard drive and fetch out whatever they can.   But data destruction does not end there.  With the data privacy laws that now abound, most businesses are now required to retain data for a certain time period for auditing purposes. 

The length of this period will vary depending upon the industry that you are in.  It’s like keeping your tax records for seven years: you just never know.

Once this time frame is over, you can then purge your databases of this data, of course by contacting a data destruction company and doing it the right way.  Now, this is all great if you still have an On Premises IT infrastructure. 

I mean, after all, you are physically holding those hard drives. But now that everybody is more or less moving to the Cloud, how does data destruction actually happen?

AWS and Microsoft Azure definitely have great tools that you can use to keep your data for whatever time period you need or want.  But take a moment and think about this one:  if you no longer want a file in one of your SaaS based applications, you can always click “Delete File”. 

But in the end, where does it really go?  After all, you are now dealing with a virtual world, so you cannot simply claim it is still on a hard drive somewhere.

Well, I came across a very interesting article this morning in the “Dark Reading” online news portal.  The author of that article asked the very same question I am asking now.  But he went the extra mile and contacted AWS, Azure and Google to try to get some answers.  The responses he got are as follows:

“Outreach to the major services either was ignored or answered with generic statements about how they protect your data. What happens to data that is "released" in a cloud service such as AWS or Azure? Is it simply sitting on a disk, nonindexed and waiting to be overwritten, or is it put through some kind of "bit blender" to render it unusable before being returned to available storage on the service? No one, at this point, seems to know or be willing to say on the record.”

(SOURCE:  https://www.darkreading.com/cloud/data-destruction-policies-in-the-age-of-cloud-computing-).

I even did a cursory look into Azure to see if they answer this very question.  The responses vary greatly, but in general the consensus is that once you delete a Virtual Machine (VM), there is not much more you can do beyond that.  From there, it is up to Microsoft to decide how to handle the actual destruction process.

The only answers I could find were that the data is purged and is no longer accessible, through various techniques Microsoft uses that are compliant with the various data privacy laws.  But beyond that, no other specifics were offered. 

So in the end, the author of that article simply concluded that, at the present time, Cloud based tenants are not given the option to make sure that their information and data are completely and 110% purged from the confines of Azure.

Based upon my knowledge of the Cloud, I think the reason why AWS and Azure do not provide specifics on their Data Destruction policies is that once you create a VM, it can be stored either on one physical server or across multiple pieces of hardware. 

And when you store data on that VM, it too could be sprawled across many different data centers.  But when you access your VM, it looks as if everything is in one central repository.  That is not the case.

That is why I think AWS and Azure don’t tell you specifically how the data destruction takes place: that would be giving away their trade secrets.  But keep this one thing in mind.  Your VM is actually hosted on a physical server, or even several physical servers . . . but where they are located, you will never know.

My Thoughts On This:

Now, another tricky spot is when you have a client that wants proof that their data has been thoroughly purged from your VM.  What can you tell them?  Well, as bad as it may sound, the only thing you can tell them is that you are at the mercy of the Cloud provider to ensure that this does actually happen.  All you can do is assure them that the provider is doing things that are completely compliant with the data privacy laws. 

This is especially true for the defense contractors that deal with the DoD when it comes to handling its data sets.  They also want proof that the datasets they have provided are completely purged from the Cloud.  But again, there are no firm answers to give out. 
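To make two points of this post concrete (the “latent evidence” that an ordinary delete leaves behind, described at the top, and the question just raised of what a tenant can actually offer a client as proof of purge), here is a small added example; it is not part of the original post, and the ToyDisk class, the sample record and the SHA-256 keystream cipher in it are all constructed for illustration. It simulates a block device in Python: deleting a file only drops the directory entry, so a raw carve of the bytes still finds the record; overwriting the blocks before release defeats the carve, which is what a data destruction company does to a drive you physically hold; and, going one step beyond what the post covers, writing only ciphertext to the medium and then destroying the key (“crypto-shredding”) leaves residue that a carve cannot use, which is the one control a tenant can apply on its own side when it cannot see or verify the provider's physical media.

```python
import hashlib
import secrets
from typing import Dict, List, Optional

BLOCK_SIZE = 64  # constructed toy block size, in bytes


class ToyDisk:
    """Constructed toy block device: a flat byte array plus a directory that
    maps file names to block indexes.  As on most real filesystems, deleting
    a file only removes the directory entry; the blocks keep their bytes
    until something else overwrites them (the "latent evidence" a forensic
    carve can still find)."""

    def __init__(self, blocks: int) -> None:
        self.data = bytearray(blocks * BLOCK_SIZE)
        self.free: List[int] = list(range(blocks))
        self.directory: Dict[str, List[int]] = {}

    def write_file(self, name: str, payload: bytes) -> None:
        used = []
        for off in range(0, len(payload), BLOCK_SIZE):
            idx = self.free.pop(0)
            chunk = payload[off:off + BLOCK_SIZE]
            start = idx * BLOCK_SIZE
            self.data[start:start + len(chunk)] = chunk
            used.append(idx)
        self.directory[name] = used

    def delete_file(self, name: str, wipe: bool = False) -> None:
        """Plain delete drops the entry only; wipe=True zeroes the blocks
        first, which is what a destruction pass on a physical drive does."""
        used = self.directory.pop(name)
        if wipe:
            for idx in used:
                start = idx * BLOCK_SIZE
                self.data[start:start + BLOCK_SIZE] = bytes(BLOCK_SIZE)
        self.free.extend(used)

    def carve(self, marker: bytes) -> bool:
        """Forensic-style raw scan: ignore the directory, search every byte."""
        return self.data.find(marker) != -1


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived with SHA-256 (constructed for this
    example; a real system would use a vetted AEAD cipher instead)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def run_scenarios(key: Optional[bytes] = None) -> Dict[str, bool]:
    """Return whether a raw carve still recovers the record after each
    disposal method.  A fixed `key` may be passed for reproducibility."""
    record = b"CLIENT-RECORD: account 0000-CONSTRUCTED-SAMPLE"
    marker = b"CLIENT-RECORD"

    # 1. Ordinary delete: the directory forgets the file, the platters do not.
    d1 = ToyDisk(8)
    d1.write_file("client.txt", record)
    d1.delete_file("client.txt")

    # 2. Overwrite before release: the on-premises answer (you hold the drive).
    d2 = ToyDisk(8)
    d2.write_file("client.txt", record)
    d2.delete_file("client.txt", wipe=True)

    # 3. Crypto-shredding: only ciphertext ever touches the medium, so
    #    destroying the key makes whatever the provider leaves behind unusable.
    key = key or secrets.token_bytes(32)
    d3 = ToyDisk(8)
    d3.write_file("client.enc", xor_bytes(record, keystream(key, len(record))))
    d3.delete_file("client.enc")
    key = None  # the tenant destroys its own key; the residue is now just noise

    return {
        "plain_delete_recoverable": d1.carve(marker),
        "overwrite_recoverable": d2.carve(marker),
        "crypto_shred_recoverable": d3.carve(marker),
    }


if __name__ == "__main__":
    for method, recoverable in run_scenarios().items():
        print(f"{method}: {recoverable}")
```

The third scenario is the practical takeaway for the client conversation above: a tenant cannot prove what the provider did with the physical blocks, but it can show that nothing readable was ever written to them and that the key no longer exists, which is something auditable on the tenant's own side.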
