How to erase live server data, without wiping the whole system
Securely erasing data is by no means an easy task. Whether it is a single laptop hard drive or multiple drives in a server configuration - just pressing the delete button on a keyboard won't do the job.
As we have mentioned in previous blog posts and in other articles about data erasure, using the ‘recycle bin’ to delete files is not a secure way to get rid of data, and neither is the ‘format’ command. Data removed this way is usually recoverable, since only the reference to the file is deleted, rather than the file itself. Think of it like deleting a record of all the books held in a library; the physical books are still there and can still be found manually. It’s a similar principle with data storage media and you can quite easily perform recoveries using free software tools. If you want to get rid of data properly you need to do so with a special software tool that allows you to overwrite information using dedicated algorithms.
It is a similar story when trying to erase data and files from live or production data storage servers. Most server operating systems are based on the same fundamental principle: deleting a file by using the server OS tools is most likely not enough and you have to securely erase it by overwriting the exact storage space where it was stored. But how do you go about targeting the erasure of specific data on a server, as opposed to erasing the whole system?
Imagine a data centre from a large cloud service provider. It’s likely that they will need to delete several virtual servers or databases from a former client, while the physical server is still running and storing other applications and data from various other clients. In this example, securely erasing data from one client without affecting the functionality of the server as well as the remaining applications and data from the other clients is essential.
Let’s take another example: imagine that your company wants to test SAP HANA as your new high-end big data analysis platform. Due to regulations and internal requirements you can't use the cloud version of this solution, so you ask a vendor such as Dell EMC for an on-premise test environment system. Since it makes no real sense to test this solution with pseudo data, you will use your own business critical data to check whether the system lives up to its promises. After several weeks or months of intensive testing and successfully analysing your data the tests end, but what happens to the data? Your company most likely will not purchase this ‘used’ test system, but will buy a brand new one. Additionally, the test SAP HANA system will be used by the vendor for demos with other customers. All of the data must therefore be securely deleted before a third party gets hold of the system. Just erasing the whole SAP HANA system is not a viable solution, since it should still be fully functional after the erasure process.
Other common cases where data must be securely erased from running servers include employee data in HR departments and old project data in external R&D teams. In many countries, and in all EU member states from the start of the GDPR in May 2018, personal data from customers and former employees has to be securely erased; otherwise the owner of the data could go to court and the company could be hit with a huge fine. It is also necessary to document the process in case it needs to be audited in the future.
How can you erase this data securely?
Erasing data from a live server is possible with specialist software tools; however, the type of storage device and the data structures will determine the exact tool required. As you’re looking for something that will erase targeted areas of the storage (and not the whole system), it is necessary to use fit-for-purpose tools that provide this functionality.
If you’re erasing virtual environments there are different ways you can go about it depending on the circumstance. This article gives you a good overview of the different methods available for VMs and shared file servers, plus how to target individual LUNs in an active storage system. However, in a nutshell you should be looking for a dedicated tool for the exact type of data/media you are trying to erase. For example, if you are looking for a tool to erase files and folders on a shared server, you should be looking for a software tool that lets you target that information only, whilst keeping the rest of the data intact. You’ll also be better off looking for something that lets you automate the process to a schedule that you can choose, like erasing files from a certain area when a user shuts down their PC, or wiping a shared folder each week. This is a typical scenario for organisations that need to erase sensitive project data or customer payment information on an ongoing basis.
This is all well and good for systems that rely on traditional, magnetic HDDs, but what about servers that use SSDs? This media type uses different technology to store data; therefore it requires a slightly different method to erase it, as normal HDD erasure software can end up leaving hidden spaces of the NAND flash chips untouched. Some erasure tools are advanced enough to allow access to these hidden data areas and ensure that any residual information is properly sanitised from SSDs.
When choosing a solution to get rid of data in live storage environments, the effectiveness of the software in regards to erasing the data is just the beginning. You should also consider if your tool offers the ability to report on the processes it completes, so you can verify and prove that the data is really gone. Having that proof in the form of an electronic report will give you complete peace of mind that the erasure process has been carried out successfully, plus you can keep it for your records and/or legal reasons. It’s also wise to make sure that you choose a certified, independently verified solution. This holistic approach will ensure that you are using a fit-for-purpose tool that allows you to maintain total data security.
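To make the targeted approach and the reporting point above concrete, here is an added illustration (not from the original post and not any vendor's product) that overwrites a single file where it sits, leaves its neighbours alone, and returns a report record. The function name erase_file and the report fields are assumptions; on SSDs and on copy-on-write or snapshotting filesystems an in-place overwrite does not reliably reach the old physical blocks, which is why dedicated tools are needed there.

```python
import json
import os
import secrets
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # work in 1 MiB blocks


def erase_file(path, passes=2):
    """Overwrite one file in place, verify it, unlink it, and return a report dict."""
    if passes < 1:
        raise ValueError("at least one overwrite pass is required")
    size = os.path.getsize(path)
    verified = True
    with open(path, "r+b") as fh:
        for n in range(passes):
            final = n == passes - 1
            fh.seek(0)
            left = size
            while left:
                step = min(CHUNK, left)
                # Random data on early passes, zeros on the final (verifiable) pass.
                fh.write(bytes(step) if final else secrets.token_bytes(step))
                left -= step
            fh.flush()
            os.fsync(fh.fileno())  # push this pass out of the page cache
        # Read back the logical contents; this cannot prove what the device did
        # underneath (SSD remapping, copy-on-write filesystems, snapshots).
        fh.seek(0)
        left = size
        while left and verified:
            block = fh.read(min(CHUNK, left))
            verified = bool(block) and block.count(0) == len(block)
            left -= len(block)
    os.remove(path)
    return {
        "path": os.path.abspath(path),
        "size_bytes": size,
        "passes": passes,
        "verified": verified,
        "removed": not os.path.exists(path),
        "finished_utc": datetime.now(timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    # Constructed sample: a throwaway file standing in for one client's data.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample record\n" * 1000)
    print(json.dumps(erase_file(tmp.name), indent=2))
```

The returned record is the kind of evidence the paragraph above asks for; in practice it would be written to an append-only log rather than printed.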
Does your organisation have a process in place for erasing data in live environments? What software or tools do you use to achieve this? Let us know by commenting below, or tweet @DrDataRecovery