Traditionally, getting rid of data from storage media has often been limited to hard drives from old PCs and laptops once they reach the end of their usable lifespan. However, with today’s technology, the need to securely erase information has extended way past the point of erasing just single drives and encompasses much more than just physical storage.
For example, the large storage systems found in data centers and cloud environments use virtualization to improve resource efficiency and utilization while decreasing costs. Security is widely considered to be the largest initial obstacle for an organization moving into the cloud. If security is a concern when getting into the cloud, it should be just as much of a concern when leaving the cloud or switching providers. It is at this point that virtual systems present unique challenges and risks when it comes to getting rid of data securely: the customer rarely knows which physical devices held their data, and the provider cannot simply wipe a whole array that other tenants are still using.
Just so we can get an idea of the challenges associated with this, let’s use an example to put it into context. Imagine a corporate organization is engaged with a managed service provider that hosts customer data in a cloud-based environment. The service provider uses a virtualized infrastructure to partition storage space across multiple customers. If a customer terminates their contract with the service provider, what assurances do they have that their sensitive business data will be securely erased from the virtualized system? On the other side of the coin, how can the service provider securely erase data from just one customer, while preventing downtime for their other customers and avoiding wiping the entire system? They should also be able to prove to the customer that the erasure process has been completed successfully.
This scenario shows just how important it is for cloud hosting/managed IT providers (and their customers) to be aware of the processes in place for erasing data and understand the need for erasing data throughout a device’s life cycle, rather than just when hardware becomes end-of-life. To find solutions to these problems, we’ll delve into the concept of ‘live environment erasure’ and explore why it’s necessary to remove data from virtual systems in a secure way.
Why erase virtual data?
The idea of erasing data in a live storage environment has to do with looking past the traditional notion of erasing data only when hardware reaches the end of its usable life. It encompasses how storage equipment in data centers and virtual environments should be securely erased so that no recovery is possible. It also involves sanitizing other data, such as sensitive files and folders stored on shared servers or user machines.
First things first, one of the main reasons data should be erased throughout the life cycle of storage is cost; organizations can make significant savings in their IT budget by reassigning or reselling storage instead of physically destroying it for good. Complex data storage systems, such as those built on Fusion-io PCIe flash, are expensive to replace, with some drives costing thousands of dollars each. It therefore makes more economic sense to securely erase the data on a drive or virtual system using software, rather than use complete media destruction methods such as shredding.
Delete doesn’t mean delete
Secondly, we all (should!) know that pressing delete does not remove data from a hard drive: the operating system typically drops the file-system reference and marks the blocks as free, and the content stays on the media until those blocks happen to be overwritten. The same is true of cloud, data center and virtual systems, where the blocks behind a deleted file or a decommissioned virtual disk may remain on the underlying storage until they are reallocated. Data deleted in this way can be recovered in most cases, which is something our engineers do (and see) on a regular basis.
There’s still a misconception about the effectiveness of deletion commands or using freeware to attempt to get rid of data. In reality, businesses need to ensure that they have a secure, documented process that uses proven software to fully erase information.
As in the example earlier; data center and cloud providers should be erasing customer data securely, including managed IT providers who provide hosting services. Corporations that lease storage in data centers and manage environments remotely should also understand what happens when they exit their contract and what happens to their data. Not only this, but if organizations have specific IT security policies for specific files or folders (e.g. shared file servers with sensitive project or customer information), they should also have processes in place for erasing this data properly.
Therefore, it’s important to have a thorough, end-to-end data storage process in cloud, data center, and virtual environments that is “security first.” That means any organization should include a secure erasure process for their virtual infrastructure and any through-life data, such as files and folders containing sensitive information. It’s not just best practice and blue-sky thinking though; we’ll now take a look at the legislation that requires proper data sanitization.
Legislation and standards
Aside from existing national data protection laws, the main legislation to look out for is the EU General Data Protection Regulation (GDPR), which replaces the 1995 Data Protection Directive and applies from 25 May 2018. Its right to erasure (Article 17) requires organizations to erase personal data without undue delay when the conditions are met, and its accountability principle means they must be able to show that the erasure actually took place. It also applies to organizations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU, so organizations in the UK, United States and Asia, for example, will still have to comply. In addition, there are many region-specific regulations and standards, but here are a couple you should definitely be aware of when it comes to erasing data in live storage environments:
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for companies that process and/or store payment card data. When we read that in real terms, we’re talking about almost every business! The need for secure data erasure is clearly defined here, with requirement 3.1 for PCI DSS compliance specifically stating:
“3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes, as follows:
3.1.1 Implement a data retention and disposal policy that includes:
- Limiting data storage amount and retention time to that which is required for legal, regulatory, and business requirements
- Processes for secure deletion of data when no longer needed
- Specific retention requirements for cardholder data
- A quarterly automatic or manual process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.”
The full standard is published by the PCI Security Standards Council. The guidance accompanying these requirements notes that the “extended storage of cardholder data that exceeds business need creates an unnecessary risk” and advises “implementing secure deletion methods (to) ensure that the data cannot be retrieved when it is no longer needed.”
As payment card information is likely to be collected on an ongoing basis and stored on some form of file server, organizations can occasionally be presented with the complex problem of being able to delete only specific data. If your retention policy dictates that customer records can be kept for no longer than 5 years, how do you manage the data that needs removing while keeping the rest of it intact?
Many larger organizations and IT service providers comply with ISO/IEC 27001, the information security management standard, which helps to manage the security of information such as financial information, intellectual property or information entrusted to you by third parties. Its control for secure disposal or re-use of equipment (A.11.2.7 in the 2013 edition) specifically states:
“All items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use”.
Any data storage media your organization uses should be erased properly before it is disposed and/or reused. A process should also be in place to verify that the erasure has taken place and was successful in removing the data. Does your organization already do this?
ISO/IEC 27040 (Storage security) provides a very thorough overview of storage security recommendations, including data sanitization. It mentions specifically:
- Threats to storage systems and infrastructure include the improper treatment or sanitization after end-of-use
- Companies may be in breach of country-specific privacy requirements if there is insufficient evidence of security (e.g. audit logs, proof of encryption/sanitization)
- “Logical sanitization should be used to clear virtualized storage, especially when the actual storage devices and media cannot be determined.”
- “Sanitization of media at end-of-use situations is recommended, even when using encryption methods.”
Interestingly, secure erasure is recommended even when encryption has been used. Encryption only amounts to sanitization (a cryptographic erase) if every copy of the key is destroyed and you can prove it; keys held in backups, escrow or a provider’s key management service can outlive the data, which is why a verified erase of the media is still the safer end state. The key point here is evidence: if you do not have a log or report from your data deletion processes, how can you prove that they ever happened? And how do you know for certain that your methods actually removed the data?
How should you erase virtual data?
Now that we’ve seen that erasing data is an essential practice, it’s worth keeping in mind that erasure processes for virtual data do not have to be complicated, whatever system you’re running. There are dedicated tools that let you target the data you need, automate the commands and erase multiple drives or logical units at once, all from a central system. For example, a dedicated LUN erasure tool can give you targeted, permanent erasure of individual logical units without taking other tenants’ storage offline, plus detailed reports showing when and how the process was completed, which is extremely useful for auditing and compliance purposes.
If you need to erase specific files and folders on a desktop or server, it’s also necessary to use a fit-for-purpose tool rather than the operating system’s own delete command, which only unlinks the file. This lets you safely and permanently remove targeted files and folders without erasing the whole system. You could take this a step further and automate the entire process; for example, you could create an automated policy to erase specified areas of a user’s desktop on shutdown, or schedule a routine script to erase folders on a shared file server or VM. This is particularly useful if your organization has shared project folders or sensitive financial documents that need to be removed on a regular basis with minimal hassle. Using a certified tool like Blancco File provides complete peace of mind and automatically issues a tamper-proof report after the process has been completed.
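The selective, retention-driven deletion problem raised under PCI DSS above (records kept no longer than five years) and the scheduled folder erasure just described can be prototyped in a few dozen lines. What follows is an added example written for this edit; it is not Blancco’s code or the article’s, and the five-year window, file names, audit key and function names are assumptions. It selects only the files whose age exceeds the policy, overwrites and unlinks them, and records each erasure in an HMAC hash chain so that the report itself is tamper-evident:

```python
"""Added example, not Blancco's or the article's own code: select files that exceed a
retention policy, erase only those, and produce a hash-chained, HMAC-keyed log as
evidence. The retention window, file names and key are constructed assumptions."""
import hashlib
import hmac
import json
import os
import shutil
import tempfile
import time
from pathlib import Path

DAY = 86400


def find_expired(root, retention_days, now):
    """Return only the files whose last modification predates the retention cutoff."""
    cutoff = now - retention_days * DAY
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.stat().st_mtime < cutoff)


def overwrite_and_unlink(path):
    """Overwrite the file's bytes in place, fsync, then unlink. Returns bytes overwritten.

    Caveat: this is best effort at the file-system level. On SSDs, thin-provisioned
    LUNs, copy-on-write or journaling file systems and VM snapshots, the old blocks can
    survive the overwrite, so the underlying LUN/volume still needs a verified erase."""
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as f:
        remaining = size
        while remaining > 0:
            remaining -= f.write(os.urandom(min(remaining, 1 << 20)))
        os.fsync(f.fileno())
    os.remove(path)
    return size


class AuditLog:
    """Each entry is MAC'd together with the previous MAC, so removing, reordering or
    editing an entry breaks verification (tamper-evident, provided the key is kept safe)."""

    GENESIS = "0" * 64

    def __init__(self, key):
        self.key = key
        self.entries = []
        self.prev = self.GENESIS

    def record(self, **fields):
        body = json.dumps(fields, sort_keys=True)
        mac = hmac.new(self.key, (self.prev + body).encode(), hashlib.sha256).hexdigest()
        self.entries.append({"prev": self.prev, "body": body, "mac": mac})
        self.prev = mac

    @classmethod
    def verify(cls, entries, key):
        prev = cls.GENESIS
        for e in entries:
            expected = hmac.new(key, (prev + e["body"]).encode(), hashlib.sha256).hexdigest()
            if e["prev"] != prev or not hmac.compare_digest(expected, e["mac"]):
                return False
            prev = expected
        return True


def purge_expired(root, retention_days, key, now=None):
    """Erase expired files under root and return the audit log of what was erased."""
    now = time.time() if now is None else now
    log = AuditLog(key)
    for p in find_expired(root, retention_days, now):
        size = overwrite_and_unlink(p)
        log.record(action="erase", path=str(p.relative_to(root)), bytes=size, at=now)
    return log


def run_demo():
    """Constructed fixture: three files, two of them older than a 5-year policy."""
    now = 1_600_000_000          # fixed clock so the demo is repeatable
    key = b"demo-audit-key"      # assumption: a real deployment keeps this in a KMS/HSM
    root = Path(tempfile.mkdtemp())
    try:
        ages = {"old_invoice.csv": 6 * 365, "older_report.pdf": 7 * 365, "recent.csv": 30}
        for name, age_days in ages.items():
            (root / name).write_bytes(os.urandom(4096))
            os.utime(root / name, (now - age_days * DAY, now - age_days * DAY))
        log = purge_expired(root, 5 * 365, key, now=now)
        erased = [json.loads(e["body"])["path"] for e in log.entries]
        kept = sorted(p.name for p in root.iterdir())
    finally:
        shutil.rmtree(root)
    # Simulate someone editing the report after the fact: verification must fail.
    tampered = [dict(e) for e in log.entries]
    tampered[0]["body"] = tampered[0]["body"].replace("old_invoice.csv", "someone_else.csv")
    return {"erased": erased, "kept": kept,
            "log_intact": AuditLog.verify(log.entries, key),
            "tamper_detected": not AuditLog.verify(tampered, key)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two design points matter more than the overwrite itself. The selection step is what keeps the rest of the data intact, which is the actual PCI DSS problem; and the log only counts as evidence if its key is held somewhere the people running the job cannot reach, otherwise they could rewrite the chain. The overwrite is deliberately labelled best effort: on virtualized or flash-backed storage the page’s own advice applies, and the logical unit underneath still needs a verified erase when it is released.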
An end-to-end process
Secure data erasure should be a process that is implemented across all areas of IT infrastructure, not just for end-of-life assets. If you’re an IT service provider or hosting company, you should have clearly defined policies for dealing with customer data when it’s time to remove it from your storage infrastructure, and you should be able to prove that the process has been completed. If you are an organization that outsources its IT management or has an internal IT team, you should be looking at your storage media with the same level of scrutiny and maintain a thorough understanding of how your data is handled, both throughout its lifespan and when it is no longer needed.
It’s worth mentioning that this article is by no means an extensive guide and different systems may require custom processes. However, it’s imperative to ensure that no matter what type of storage you use, there needs to be a secure process in place for getting rid of the data. Failure to do so could not only result in significant fines under the upcoming GDPR legislation, but could also have serious effects on your business stakeholders and brand reputation if you were to suffer a data breach.
Using a certified data erasure tool can go a long way to help you automate virtual data erasure processes, take out the hassle and give you peace of mind that your data will not end up in the wrong hands.
Author: Matt Prince
Image: Markus Spiske https://www.pexels.com/photo/green-water-fountain-225769/