Traditionally, getting rid of data from storage media has often been limited to hard drives from old PCs and laptops once they reach the end of their useable lifespan. However, with today’s technology the need to securely erase information has extended way past the point of erasing just single drives and encompasses much more than just physical storage.
For instance, large storage systems that you’ll find in data centre and cloud environments use virtualisation to improve resource efficiency and utilisation whilst decreasing costs. If we look at cloud specifically, security is widely considered to be the largest initial obstacle to overcome for an organisation when getting into the cloud. If security is a concern when getting into the cloud, there should also be a concern about leaving the cloud or switching providers. It is at this point where virtual systems present unique challenges and risks when it comes to getting rid of data securely.
So we can get an idea of the challenges associated with this, let’s use an example to put it into context: imagine a corporate organisation is engaged with a managed service provider that hosts customer data in a cloud-based environment. The service provider uses virtualised infrastructure to partition storage space across multiple customers. If a customer terminates their contract with the service provider for whatever reason, what assurances do they have that their sensitive business data will be securely erased from the virtualised system? On the other side of the coin, how can the service provider securely erase the data of just one customer, whilst preventing downtime for their other customers and avoiding wiping the entire system? They should also be able to prove to the customer that the erasure process has been completed successfully.
This scenario shows just how important it is for cloud hosting/managed IT providers (and their customers) to be aware of the processes in place for erasing data and understand the need for erasing data throughout a device’s lifecycle, rather than just when hardware becomes ‘end-of-life’. To find solutions to these problems, in this article we’ll delve into the concept of ‘live environment erasure’ and explore why it’s necessary to remove data from virtual systems in a secure way.
Why erase virtual data?
The idea of erasing data in a live storage environment is all to do with looking past the traditional notion of erasing data only when hardware reaches the end of its useable life. It encompasses how storage equipment in data centres and virtual environments should be securely erased so that no recovery is possible. It also involves sanitising other through-life data such as sensitive files and folders stored on shared servers or user machines.
First things first, one of the main reasons data should be erased throughout the lifecycle of storage is to do with cost; organisations can make significant savings in their IT budget by reassigning or reselling storage instead of physically destroying it for good. Complex data storage systems like those that use Fusion-IO technology are expensive to replace, with some drives costing thousands of pounds each. Therefore it makes more sense economically to securely erase the data on a drive or virtual system using software, rather than use complete media destruction methods such as shredding.
Delete doesn’t mean deleted
Secondly, we all (should!) know that simply pressing delete doesn’t mean data has been removed from a hard drive. This is also true for cloud, data centre and virtual systems. If data gets deleted from any media type it can be recovered in most cases, which is something professional data recovery companies like Kroll Ontrack do on a regular basis.
Worryingly, there is still often a misconception about the effectiveness of deletion commands or using freeware to attempt to get rid of data. In reality, businesses need to ensure that they have a secure, documented process that uses proven software to fully erase information.
As in the example earlier, data centre and cloud providers should be erasing customer data securely, including managed IT providers who provide hosting services. Corporations that lease storage in data centres and manage environments remotely should also understand what happens to their data when they exit their contract. Not only this, but if organisations have specific IT security policies for specific files or folders (e.g. shared file servers with sensitive project or customer information) they should also have processes in place for erasing this data properly.
It’s therefore important to have a thorough, end-to-end data storage process in cloud, data centre and virtual environments that is security conscious. That means any organisation should include a secure erasure process for their virtual infrastructure and any through-life data, such as files and folders containing sensitive information. It’s not just best practice and blue-sky thinking though; we’ll now take a look at the legislation that requires proper data sanitisation.
Legislation and standards
Aside from existing National Data Protection laws, the main legislation to look out for in the future is the updated EU General Data Protection Regulation (GDPR), which will come into force in May 2018. This will demand that organisations must be able to erase data quickly and permanently. It will also affect all companies who trade with EU nations, not just the EU member states themselves, therefore organisations in the UK, United States and Asia for example will still have to comply. In addition there are many regional-specific regulations/standards, but here are a couple you should definitely be aware of when it comes to erasing data in live storage environments:
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for companies that process and/or store payment card data. When we read that in real terms, we’re talking about almost every business! The need for secure data erasure is clearly defined here, with requirement 3.1 for PCI DSS compliance specifically stating:
- 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes, as follows:
  - 3.1.1 Implement a data retention and disposal policy that includes:
    - Limiting data storage amount and retention time to that which is required for legal, regulatory, and business requirements
    - Processes for secure deletion of data when no longer needed
    - Specific retention requirements for cardholder data
    - A quarterly automatic or manual process for identifying and securely deleting stored cardholder data that exceeds defined retention requirements.
The full PCI DSS document is published by the PCI Security Standards Council. The recommended guidance for adhering to these requirements mentions that the “extended storage of cardholder data that exceeds business need creates an unnecessary risk” and advises “implementing secure deletion methods (to) ensure that the data cannot be retrieved when it is no longer needed.”
As payment card information is likely to be collected on an ongoing basis and stored on some form of file server, organisations can therefore be presented with the sometimes complex problem of being able to delete only specific data. If your retention policy dictates that customer records can be kept for no longer than 5 years, how do you manage the data that needs removing whilst keeping the rest of it intact?
Many larger organisations and IT service providers comply with this security standard, which helps to manage the security of information such as financial information, intellectual property or information entrusted to you by third parties. This ISO standard specifically states:
All items of equipment containing storage media shall be verified to ensure that any sensitive data and licenced software has been removed or securely overwritten prior to disposal or re-use.
Any data storage media your organisation uses should therefore be erased properly before it is disposed and/or reused. A process should also be in place to verify that the erasure has taken place and was successful in removing the data. Does your organisation already do this?
This standard provides a very thorough overview of ‘storage security’ recommendations, including data sanitisation. It mentions specifically:
- Threats to storage systems and infrastructure include the improper treatment or sanitisation after end-of-use
- Companies may be in breach of country-specific privacy requirements if there is insufficient evidence of security (e.g. audit logs, proof of encryption/sanitisation)
- Logical sanitisation should be used to clear virtualised storage, especially when the actual storage devices and media cannot be determined.
- Sanitisation of media at end-of-use situations is recommended, even when using encryption methods.
Interestingly it is recommended to erase data securely even when encryption has been used, but again a key point here is the evidence of security; if you do not have a log or report from your data deletion processes then how can you prove that they ever happened? What’s more, how do you know for sure that your methods were successful in getting rid of the data?
How should you erase virtual data?
Now that we’ve seen that erasing data is an essential practice, it’s important to keep in mind that erasure processes for virtual data do not have to be complicated, no matter what system you’re running. There are dedicated tools available that let you target the data you need, automate the commands and allow you to erase multiple drives or logical units at once, all from a central system. For example, a dedicated LUN erasure tool will provide you with targeted, permanent data erasure, plus you’ll get detailed reports showing when/how the process was completed – extremely useful for auditing and compliance purposes.
If you need to erase specific files and folders on a desktop or server then it is also necessary to use a fit-for-purpose tool rather than simply using Windows commands. This will allow you to safely and permanently remove targeted files and folders without erasing the whole system. You could take this one step further and automate the entire process; for example you could create an automated policy to erase specified areas of a user’s desktop on shutdown, or schedule a routine script to erase folders on a shared file server or VM. This could be particularly useful if your organisation has shared project folders or sensitive financial documents that need to be removed on a regular basis with minimal hassle. Using a certified tool like Blancco File will provide you complete peace of mind and automatically issue a tamper-proof report after the process has been completed.
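As an added illustration of two points made above (deleting only the records that have exceeded a retention period, and keeping evidence that the erasure actually ran), here is a small retention job in Python. It is example code written for this article, not a Blancco product or anything the author describes; the directory layout, the five-year cut-off and the sample CSV files are constructed assumptions.

```python
import hashlib, json, os, secrets, tempfile, time
from datetime import datetime, timezone
from pathlib import Path

def expired_files(root, max_age_days, now=None):
    """Files under root whose last modification is older than the retention period."""
    cutoff = (now or time.time()) - max_age_days * 86400
    return sorted(p for p in Path(root).rglob("*") if p.is_file() and p.stat().st_mtime < cutoff)

def overwrite_and_remove(path, passes=1):
    """Overwrite the file's bytes with random data, fsync, unlink, and return an audit record.
    Caveat: on SSDs, copy-on-write filesystems, thin-provisioned LUNs and VM disk images the
    old blocks may survive an in-place overwrite; this shows the selection and evidence trail,
    it is not a substitute for a certified erasure tool."""
    size = path.stat().st_size
    before = hashlib.sha256(path.read_bytes()).hexdigest()
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            left = size
            while left > 0:
                left -= f.write(secrets.token_bytes(min(65536, left)))
            os.fsync(f.fileno())
    path.unlink()
    return {"path": str(path), "bytes": size, "sha256_before": before, "passes": passes,
            "verified_absent": not path.exists(),
            "erased_at": datetime.now(timezone.utc).isoformat()}

def run_retention_job(root, max_age_days, log_path, now=None):
    """Erase every expired file and append one JSON line per file to the audit log."""
    records = [overwrite_and_remove(p) for p in expired_files(root, max_age_days, now)]
    with open(log_path, "a", encoding="utf-8") as log:
        for r in records:
            log.write(json.dumps(r) + "\n")
    return records

def demo(max_age_days=5 * 365):
    """Constructed sample: one record six years old, one recent; returns (records, survivors)."""
    root = Path(tempfile.mkdtemp())
    old, new = root / "card-2016.csv", root / "card-2022.csv"
    old.write_bytes(b"ACME Ltd,2016-01-01\n")   # constructed sample rows, not real card data
    new.write_bytes(b"ACME Ltd,2022-06-01\n")
    now = time.time()
    os.utime(old, (now - 6 * 365 * 86400,) * 2)  # backdate the old file's mtime by six years
    records = run_retention_job(root, max_age_days, root / "erasure.log", now)
    survivors = sorted(p.name for p in root.iterdir() if p.suffix == ".csv")
    return records, survivors
```

Running `demo()` erases only the six-year-old file, leaves the recent one untouched and writes a one-line JSON record (path, size, pre-erasure hash, timestamp, verification flag) to the log, which is the kind of evidence the ISO guidance quoted earlier asks for.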
An end-to-end process
Secure data erasure should be a process that is implemented into all areas of IT infrastructure, not just for end-of-life assets. If you’re an IT service provider or hosting company, you should have clearly defined policies in place to deal with customer data when it needs removing from your storage infrastructure and ensure you can prove that the process has been completed. If you are an organisation that outsources your IT management or has an internal IT team, you should be looking at your storage media with the same level of scrutiny and maintain a thorough understanding of how your data is handled – both throughout its lifespan and when it is no longer needed.
It’s worth mentioning that this article is by no means an extensive guide and different systems may require bespoke processes. However, it is imperative to ensure that no matter what type of storage you use that there is a secure process in place for getting rid of the data. Failure to do so could not only result in significant fines under the upcoming GDPR legislation, but could also have serious effects on your business stakeholders and brand reputation if you were to suffer a data breach.
Using a certified data erasure tool can go a long way to help you automate virtual data erasure processes, take out the hassle and give you peace of mind that your data will not end up in the wrong hands.
How do you erase your virtual data? Do you have specific file retention policies in place that require ongoing erasure procedures? Let us know by commenting below, or tweet @DrDataRecovery.