For traditional physical storage such as tape, disk, and even paper, there are many well-documented sanitization standards and procedures. Some go as far as removing data beyond the recovery capabilities of advanced forensic tools. Because the standards and procedures are so detailed, implementing them is not very complex from a design perspective; it has all been done before. The DoD 5220.22-M data sanitization method, for instance, consists of the following passes:
Pass 1: Write a zero to every sector and verify the write
Pass 2: Write a one to every sector and verify the write
Pass 3: Write a random character to every sector and verify the write
This method rewrites every sector multiple times, which requires very low-level (physical) disk access. Two caveats apply even on premises: NIST SP 800-88 is now the usual reference for media sanitization rather than DoD 5220.22-M, and multi-pass overwriting is unreliable on flash media, where wear levelling can leave copies of the data in blocks the overwrite never reaches. When data is stored with a third-party cloud provider, it gets harder still. It is not impossible, though. So what are the differences?
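To make concrete what the three passes do, and why the verify step is only as trustworthy as the storage interface it runs against, here is an added example in Go (written for this page, not taken from the original article or from any wiping tool). It implements the three passes with read-back verification over a generic ReaderAt/WriterAt device and runs them against a constructed stand-in for a cloud virtual disk that has a snapshot: every pass verifies cleanly, and the snapshot still holds the data. The cowDisk type, the pass names and the sample data are all assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// pass is one overwrite pass; fill produces the bytes the pass writes.
type pass struct {
	name string
	fill func(buf []byte) error
}

// constant fills every byte with b: 0x00 for the "zero" pass, 0xFF for the "one" pass.
func constant(b byte) func([]byte) error {
	return func(buf []byte) error {
		for i := range buf {
			buf[i] = b
		}
		return nil
	}
}

// dodPasses builds the three passes the page lists for DoD 5220.22-M.
func dodPasses() []pass {
	return []pass{
		{"zeros", constant(0x00)},
		{"ones", constant(0xFF)},
		{"random", func(buf []byte) error { _, err := rand.Read(buf); return err }},
	}
}

// device is the only view of the storage the sanitizer gets (*os.File on a device node satisfies it).
type device interface {
	io.ReaderAt
	io.WriterAt
}

// sanitize runs every pass over the first size bytes of dev, reading each chunk back to verify it.
func sanitize(dev device, size int64, passes []pass) error {
	want, got := make([]byte, 4096), make([]byte, 4096)
	for _, p := range passes {
		for off := int64(0); off < size; off += int64(len(want)) {
			n := int64(len(want))
			if size-off < n {
				n = size - off
			}
			w, g := want[:n], got[:n]
			if err := p.fill(w); err != nil {
				return err
			}
			if _, err := dev.WriteAt(w, off); err != nil {
				return fmt.Errorf("%s pass: write at %d: %w", p.name, off, err)
			}
			if _, err := dev.ReadAt(g, off); err != nil {
				return fmt.Errorf("%s pass: read back at %d: %w", p.name, off, err)
			}
			if !bytes.Equal(w, g) {
				return fmt.Errorf("%s pass: verify failed at offset %d", p.name, off)
			}
		}
	}
	return nil
}

// cowDisk is a constructed stand-in for a cloud virtual disk with a snapshot: writes
// land in live, while snapshot keeps every block as it was when it was taken.
type cowDisk struct{ live, snapshot []byte }

func newCowDisk(contents []byte) *cowDisk {
	return &cowDisk{live: append([]byte(nil), contents...), snapshot: append([]byte(nil), contents...)}
}

func (d *cowDisk) ReadAt(p []byte, off int64) (int, error) {
	if off < 0 || off+int64(len(p)) > int64(len(d.live)) {
		return 0, errors.New("read outside the disk")
	}
	return copy(p, d.live[off:]), nil
}

func (d *cowDisk) WriteAt(p []byte, off int64) (int, error) {
	if off < 0 || off+int64(len(p)) > int64(len(d.live)) {
		return 0, errors.New("write outside the disk")
	}
	return copy(d.live[off:], p), nil
}

func main() {
	secret := []byte("customer list (constructed sample data)")
	disk := newCowDisk(secret)
	if err := sanitize(disk, int64(len(disk.live)), dodPasses()); err != nil {
		panic(err)
	}
	fmt.Println("live disk still holds the data:", bytes.Contains(disk.live, secret))
	fmt.Println("snapshot still holds the data: ", bytes.Contains(disk.snapshot, secret))
}
```

On a real block device you would open the device node rather than a file, fsync and bypass the page cache (O_DIRECT, or re-read after dropping caches), otherwise the read-back only confirms what the kernel cached. None of that reaches SSD over-provisioned blocks, provider snapshots or replicas that a virtual disk abstraction hides, which is exactly the cloud problem the rest of the page discusses.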
Physical media access
Many data sanitization processes address data remanence down to various levels. Data remanence is the term for the residual traces of pre-existing data that remain detectable in a disk's sectors. Overwriting a disk multiple times with zero and one values can “clean up” these traces. For cloud solutions this raises an important issue, however: access to the physical media is usually required for this low-level task. Because storage resources are shared and often distributed, and access to the OS or the underlying hardware is limited, this access is not available.
Cloud architecture differences
This lack of access to the storage media is an issue at every service level of the cloud computing stack, but there are differences between the levels. The lower in the stack a service sits, the closer it is to the physical system and the better the access, because resources are less shared. This ranges from Software as a Service, where access and sanitization are almost impossible for the customer, down to Infrastructure as a Service, where in theory the customer should have some control over the servers. Even there, the control is not as deep as with co-located, customer-owned equipment. For the most stringent compliance regulations, that might be the only viable option for an organization.
Solution 1: Cloud provider sanitization services
Solution 2: Encryption
Another solution is to use storage (data at rest) encryption within the cloud environment. If the media is not properly sanitized after it leaves the service, the old data is still unreadable to any other party without the key, so destroying the key becomes the sanitization step; NIST SP 800-88 calls this cryptographic erase. Besides provider-managed encryption, there are many third-party solutions such as LUKS, PGP, and BitLocker. As with low-level sanitization, this requires the right cloud solution and sufficient disk access. Two conditions make the approach hold up: the key must be kept somewhere the provider's storage and backup pipeline does not copy alongside the data, and key destruction must cover every copy of the key, including key escrow and KMS backups. In any case, whether compliance is a factor or not, encrypting data at rest is always good practice. Encryption of data at rest also takes care of any backups the CSP makes of the data: whatever is included in a backup is unusable to third parties.
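The following added example (written for this page, not taken from the article or from any provider's SDK) shows the cryptographic erase idea in Go using the standard library's AES-256-GCM: every object gets its own data-encryption key (DEK), the DEK is wrapped by a tenant key-encryption key (KEK) held in a key store, and only the wrapped DEK is stored beside the ciphertext. Destroying the KEK makes every copy of every object under it unreadable, the CSP's backups included. The KeyStore type, the tenant IDs and the sample record are assumptions of the example; a real deployment would keep the KEK in a customer-controlled KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// StoredObject is what lands on the provider's disks and in its backups.
type StoredObject struct {
	KEKID      string // which key-encryption key wrapped the DEK
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-256-GCM(DEK, plaintext)
}

// KeyStore stands in for a customer-controlled KMS or HSM (an assumption of this example).
type KeyStore map[string][]byte

// CreateKEK generates a fresh 256-bit key-encryption key under id.
func (ks KeyStore) CreateKEK(id string) {
	ks[id] = make([]byte, 32)
	if _, err := rand.Read(ks[id]); err != nil {
		panic(err) // a failing OS CSPRNG is not something to continue past
	}
}

// DestroyKEK is the crypto-erase step: every object wrapped under id becomes unrecoverable.
func (ks KeyStore) DestroyKEK(id string) {
	for i := range ks[id] {
		ks[id][i] = 0 // zeroise before the reference is dropped
	}
	delete(ks, id)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM under key and returns nonce || ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal, authenticating the ciphertext before returning plaintext.
func unseal(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Encrypt is envelope encryption: a per-object DEK encrypts the data, the KEK wraps the DEK.
func (ks KeyStore) Encrypt(kekID string, plaintext []byte) (StoredObject, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return StoredObject{}, err
	}
	wrapped, err := seal(ks[kekID], dek) // an unknown KEK is a zero-length key and fails here
	if err != nil {
		return StoredObject{}, fmt.Errorf("wrap DEK under KEK %q: %w", kekID, err)
	}
	ct, err := seal(dek, plaintext)
	return StoredObject{KEKID: kekID, WrappedDEK: wrapped, Ciphertext: ct}, err
}

// Decrypt unwraps the DEK with the KEK and opens the data; it fails, by design, once the KEK is gone.
func (ks KeyStore) Decrypt(obj StoredObject) ([]byte, error) {
	kek, ok := ks[obj.KEKID]
	if !ok {
		return nil, fmt.Errorf("KEK %q has been destroyed or never existed", obj.KEKID)
	}
	dek, err := unseal(kek, obj.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, obj.Ciphertext)
}

func main() {
	ks := make(KeyStore)
	ks.CreateKEK("tenant-a")
	obj, _ := ks.Encrypt("tenant-a", []byte("customer records (constructed sample)"))
	backup := obj // the CSP's backup copy: same bytes, same dependency on the KEK
	pt, _ := ks.Decrypt(obj)
	ks.DestroyKEK("tenant-a")
	_, err := ks.Decrypt(backup)
	fmt.Printf("before crypto-erase: %q; after, from the backup copy: %v\n", pt, err)
}
```

Two things the code makes visible: the KEK lives in the key store, not in StoredObject, so a backup of the stored bytes carries no way to recover them; and because the DEK is authenticated under the KEK, a wrapped DEK cannot be opened with another tenant's KEK either. Both properties are only as good as the key store, which is why it must sit outside the provider's storage and backup pipeline and why destroying a KEK has to cover every copy of it.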
Solution 3: A hybrid solution
Most cloud customers use some degree of hybrid cloud model. In a hybrid model, some servers and services are hosted locally and some are located with a cloud service provider. This creates an opportunity to move the less sensitive data to cloud storage and keep the data that requires strict sanitization policies stored locally. This can have an impact on performance, as servers in the cloud will need to pull in data from the local storage systems and vice versa, but if the architecture allows for it, it can be a good solution. Beware of accidental “data spills”, however: a data spill is a situation where data too sensitive to be stored in the cloud accidentally makes it into cloud storage. Data classification and data loss prevention controls on the path between the two environments are the usual safeguard.
Solution 4: Isolation and a (Virtual) private cloud
Conclusion
For many organizations, data sanitization is part of their mandatory compliance requirements. For others, it is part of a comprehensive, best-practice security policy. The cloud service providers have not made this subject as simple as their customers need it to be, although some options have become available over the last few years. In the rapid migration to the cloud, some important features and a lot of flexibility seem to have been left behind. This means there is still a market of organizations that cannot move some or all of their services to the cloud because of these limitations in data sanitization.