With increasing volumes of mission-critical data being stored in the cloud, there is a widespread concern about security of data in storage and archive and a growing need to ensure that deleted or destroyed data becomes unrecoverable. However, the nature of cloud backups make it impossible to say with certainty where the data resides and how the archives of data are maintained and whether destroyed data can be recovered by other means. Destruction of data in the cloud is further complicated by the fact that provider’s data management infrastructure may or may not support your destruction requirements and may not allow the use of data destruction software tools on the data storage. Hence,destruction of data completely and irrecoverably in this scenario becomes fraught with difficulties.

Data is considered completely destroyed only when data is deleted from the drive, cannot be recovered by any means and content discovery tools can no longer discover the data in the archive or storage.

So, how does one destroy data in cloud backups so that business security is not compromised?

One method of destroying data in a cloud that is gaining popularity is Crypto Shredding. This methodology relies less on physical access to storage. It involves deliberate destruction of all encryption keys for the data and the destruction of the encryption protocol itself. The keys are made unrecoverable by rotating the key for active storage and shredding it. It follows that archival data is also destroyed once the keys become unavailable. However, if the cloud provider cannot rotate the encryption keys or ensure key deletion, this methodology cannot be used.

Another secure data destruction methodology is Disk/Free space wiping and physical destruction. This option is available if the cloud backup vendor allows the business a low level administrative access to the physical storage or includes this service as part of the procedure for management of the data drives. The software tool must be used to overwrite the data 1-3 times. Degaussing or use of strong magnets is then used for scrambling data in hard drives so that data becomes unrecoverable. Complete destruction of the physical storage devices and shredding actual magnetic media are also undertaken in some instances.

However, after the destruction is complete or reported complete by the vendor, it is necessary to use content discovery tools to ensure that traces of the data is not available on the backup drives in the cloud. Considering how complex the storage, archive and backup strategies are in the cloud, it can never be said with certainty that all data has been securely destroyed and has become unrecoverable.

Since destruction of archives of data is completely dependent on the cloud service provider and the kind of infrastructure that provider deploys for the purpose, service level agreements (SLAs) assume a lot of importance. The SLA must specify secure data destruction methodologies that have been put in place by the vendor and also provide information regarding the possibility of using tools such as crypto-shredding and/or degaussing on the data that needs to be destroyed. The policy with regard to archived data and destruction of the same should also be spelled out in the SLA.

SecurStore provides a bespoke offsite backup solutioncatered for customers who have both mission-critical data and non-critical data i.e. it provides customers with a secure & efficient backup and recovery solution which is sustainable over time. This coupled with agentless technology and advanced support for all environments and applications makes it suitable for any type of business, data centre provider or reseller.