One of the fallacies in the world of IT, especially for end
users is that once you delete a file, it is permanently gone. While it may appear to be the case when you
to try to find it, the truth of the matter is that it is still lurking in your
hard drive somewhere, in a partition that is not used as much.
The only way to retrieve it is through some means, which I
am not totally familiar with. In fact,
that is what forensics experts look for.
Have you seen those news shots where law enforcement is taking stuff
from a house?
They are of course still collecting evidence from it, but
this is known more specifically as “latent evidence”. This is information and data that has been erased,
but the remanence of it still remains.
Through this, the forensics can then extract this kind of data, and
literally reconstruct back into its entire structure.
In fact, trying to thoroughly get rid of data and
information is an entire field of itself in Cyber, and there are many companies
out there that are doing well in this business.
Technically, this is known as “Data Destruction”.
These companies have the tools and equipment to completely wipe
out your hard drives of anything and everything before they are discarded. So, if you are trying to get rid of some old
hard drives or even other types of wireless devices that your company does not
need anymore, just don’t simply discard them in your outside dumpsters. Believe it or not, Cyberattackers still “Dumpster
Dive”, in search of such prized possessions.
To them, it is very often a challenge to break into the hard
drive, and fetch out whatever they can.
But data destruction does not end there.
With the data privacy laws that now abound, most businesses are now
required to retain data for a certain time period, for the purposes of
auditing.
The length of this will vary depending upon the industry
that your are in. It’s like keeping your
tax records for seven years, you just never know.
Once this time frame is over, you can then purge your databases
of this data, of course, by contacting a data destruction company, and doing it
the right way. Now, this is all great if
you still have an On Premises IT infrastructure.
I mean after all; you are physically holding those hard
drives. But now that everybody is more or less moving to the Cloud, how does
data destruction actually happen?
The AWS and Microsoft Azure definitely have great tools that
you can use to keep your data for whatever time period you need or want. But take a moment and think about this
one: If you don’t want a file anymore
from one of your SaaS based applications, you can always click “Delete File”.
But in the end, where does it really go? After all, you are now dealing in with a
virtual world, so you simply cannot claim it is still in a hard drive
somewhere.
Well, I came across a very interesting article this morning in
the “Dark Reading” online news portal.
The author of this article asked the very same question I am asking
now. But he went the extra miles to
contact the AWS and Azure and Google to try to get some answers. His responses are as follows:
“Outreach to the major services either was ignored or
answered with generic statements about how they protect your data. What happens
to data that is "released" in a cloud service such as AWS or Azure?
Is it simply sitting on a disk, nonindexed and waiting to be overwritten, or is
it put through some kind of "bit blender" to render it unusable
before being returned to available storage on the service? No one, at this
point, seems to know or be willing to say on the record.”
(SOURCE: https://www.darkreading.com/cloud/data-destruction-policies-in-the-age-of-cloud-computing-).
I even did a cursory look into Azure to see if they answer
this very question. The responses vary
greatly, but in general, the consensus is that once you a delete a Virtual
Machine (VM), there is not much more you can do beyond that. From there, it is up to Microsoft to decide
how to handle the actual, destruction processes.
The only answers I could find was that data is purged, and
can be no longer accessible through various techniques it uses, which are compliant
with the various data privacy laws. But beyond
that, no other specifics were offered.
So in the end, the author of that article simply concluded
that at the present time, Cloud based tenants are not given the option for them
to make sure that the information and data are completely and 110% purged from the
confines of Azure.
Based upon my knowledge of the Cloud, I think the reason why
the AWS and Azure does not provide the specifics on their Data Destruction
policies is that once you create a VM, it can be stored either in one physical
server or multiple pieces of hardware.
And, when you store that data onto this VM, it too could be sprawled
about many different data centers. But
when you access your VM, it looks like everything is one central repository. But that is not the case.
That is was why I think the AWS and Azure don’t tell you how
the data destruction takes place specifically – that would be giving away their
trade secrets. But keep this one thing
in mind. Your VM is actually hosted on
physical server, or even physical servers . . . but where they are located at,
you will never know.
My Thoughts On This:
Now, another tricky spot is suppose you have a client that
wants proof that their data has been thoroughly purged from your VM. What can you tell them? Well, as bad as it may sound the only thing
you can tell them is that you are at the mercy of the Cloud provider to ensure
that this does actually happen. All you
can do is assure them that they are doing things that are completely compliant
with the data privacy laws.
This is especially true for the defense contractors that
deal with the DoD when it comes dealing with their data sets. They also want that proof that their datasets
they have provided are completely purged from the Cloud. But once, there are no firm answers to give
out.
No comments:
Post a Comment