Live Server Erasure - How to Erase Data From a Running Server
Securely erasing data is definitely not an easy task. Whether it's a single hard disk drive or a SSD in a laptop or many enterprise class storage devices inside a live server – just pressing the delete button on the keyboard just won´t cut it. As we have pointed out in previous blog posts, using the “Recycle Bin” and deleting a file is not enough. The same is true with just using the “format” command. Data deleted this way is not securely erased, since only a reference to the file is deleted, not the file itself. What you're essentially doing is deleting a kind of catalog entry linking towards the file. Therefore the file can be restored quite easily using various and sometimes free software tools. In the case of a laptop, securely erasing the unwanted file is better done by a special software tool which overwrites it with special algorithms based on different bit pattern.
The same is true when trying to erase data and files from a (low-end or high-end) live server. Most server operating systems are based on the same fundamental principle: Deleting a file by using the server´s operating system tools is most likely not enough. You have to securely erase it by overwriting the exact storage space where it was stored with special erasure tools.
Real life scenarios
Imagine a data center for a large cloud service provider that has to delete several virtual servers or databases from a former client, while the physical server is still running and storing other applications, in addition to data from various other clients. Here, securely erasing data from one client without affecting the functionality of the server, as well as the remaining applications and data from the other clients, is essential. Needless to say, that the server´s storage space should (nearly) work as perfect as before to store new client data on it.
Another case where data must be securely erased from a working and live server is when a pilot project has come to an end. Imagine that your company wants to test SAP HANA as your new high-end and big data analyzing platform. Due to regulations and internal requirements, you can´t utilize the cloud version of this solution, so your only option is to work with a manufacturer to implement an on-premises test environment system. Since it makes no real sense to test this solution with fake data, you will use your own business critical data to check if the system holds up to its promises. After several weeks or months of intensive testing and successfully analyzing your data, the testing is complete, but what happens with the data now? Your company most likely will not purchase this “old” test system, but instead, buy a brand new one. Additionally, the test SAP HANA will be used by other future clients, therefore, all of the business critical data, which was created during the pilot phase, must be securely deleted before a third party acquires the same system. Just erasing the whole SAP HANA is not working here, since the system should be still working after the erasure process.
Common cases when data should (and must) be securely erased from a live server are include employee data in human resources department or old project data from research and development departments. In many countries, and in all EU member states starting with the GDPR in May 2018, personal data from applicants and former employees have to be securely erased forever, otherwise the owner of the data could go to court and companies will be issued huge fines.
How is it done?
Erasing data from a live server is done with specialized data erasure tools. The leading product developer and vendor of these kinds of tools – Blancco – offers three different kind of products to securely erase data from a live server – Blancco File Eraser, Blancco Removable Media Eraser, and Blancco LUN Eraser. As the name of these products suggest, these products are specially developed to either erase files or complete LUNs in live severs with traditional hard drives. When it comes to servers who store their data on SSDs (NAND Flash Chips), then Blancco Removable Media Eraser should be used, since the hidden spaces of the memory chip cannot be accessed by normal erasure tools and not all of the data or fragments of it can be erased. In any case, the responsible IT administrator or employee has to connect the laptop to the server with the appropriate Blancco software. After the software has scanned the file structure, it's up to the user to decide what files, folders, or LUNs need to be erased. How long the erasure process lasts depends on the size of the data.
There are certainly other products on the market which may be able to do the job, what makes these solutions a great choice for companies managing large amounts of critical data. At the time the the data becomes end-of-life and must be securely deleted, the erasure processes can both be tracked, managed, and certified. Having a valid proof that a data erasure has actually taken place is of enormous importance due to regulatory and legal requirements.
Another solution to securely erasing data from a live server is to get help from specialists who do this important job for you. Kroll Ontrack offers data destruction service for companies who want to be sure that data is securely erased. For some companies, securely erasing data is not an everyday job, so these specialists have all the necessary tools and knowledge to get the job done - and certify the successful outcome in the end.
Picture copyright: Manuel/pexels.com/CC0 License