Data Remanence in the Cloud

Foto: S.Bär

Any critical data must not only be protected against unauthorized access and distribution, but also securely deleted at the end of its life-cycle. For organizations storing information related to health, financial or defense it is mandatory to ensure that no data is left on disks from where it is exposed to the risk of being recovered by malicious users. This problem is generally referred to Data Remanence.

When you have full control of your file servers, you would use tools like this that overwrite the corresponding sectors on the disk several times to literally destroy any physical trace of a file. But how would you do this in the cloud?

The technique of overwriting file sectors does not work without the collaboration of the cloud provider. You are not given access to the physical device, but only to higher level abstractions like file-systems (e.g. Amazon EBS) or key-value based APIs (e.g. Amazon S3). In SaaS/Paas environments, access only happens on the data level. Until cloud providers start paying attention to this issue (I am not aware of even a single provider) and offer secure deletion as a feature of there services, there is only one solution that works already today at least on IaaS platforms: strongly encrypt your data and keep the key at a safe place, i.e. outside the cloud where your data is stored. Secure deletion then becomes nothing more than destroying the key.

2 thoughts on “Data Remanence in the Cloud

  1. Pingback: Are you convinced you deleted that cloud file? - Security Curated

  2. Pingback: Are you convinced you deleted that cloud file? - Cloud Curated

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s