Fully Destroying Data Is Harder Than It Looks

Published on Oct 27, 2020

Until a few years ago, there were very few incentives to destroy or delete data. Storage is cheap; it is difficult or impossible to get information back after deleting it; situations arise where users need old files; and deleting important data by mistake can cause serious problems.

For these reasons, computer systems have a design bias in favor of keeping data. Dragging files to the Recycle Bin does not immediately delete them. Backup systems tend to copy everything, and offsite copies of data are necessary for disaster recovery.

Irrevocable deletion of data is hard by design. Usually that’s a good thing, but sometimes deletion is a requirement. Privacy laws with “right to be forgotten” provisions demand the deletion of personal data under certain conditions. From a cybersecurity standpoint, personal financial and health data is burdensome to protect, and getting rid of it when it is no longer required reduces the impact of a breach.

Fully destroying data so that no one can recover it is harder than it looks. The longer it is retained, the harder it gets. Wiping data completely from everywhere requires serious diligence.

Dumpster diving for data riches

A discarded computer or disk drive can be a rich source of information for dumpster divers. They don’t need to know the user password when they have physical possession of the disk.

Casual methods of erasing a drive aren’t entirely effective. “Formatting” a drive deletes the directory information but not the bits of the files themselves, and forensic tools can often recover the contents. Full-disk encryption provides better protection: if a thief can’t get the decryption key, the disk won’t hold any usable data. If the disk wasn’t encrypted, tools are available that overwrite the disk multiple times so that no recoverable shadow bits remain.
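To make the format-versus-overwrite distinction concrete, here is an added example (not code from the original article): a toy in-memory "disk image" with a one-sector directory. A quick format clears the directory, a forensic-style carve over the raw sectors still finds the file bytes, and only an overwrite pass removes them. The image layout, the `payroll.txt` name and the `SSN=` marker are all constructed for the demo; nothing touches a real device.

```python
# Added example, not code from the original article: a toy "disk image"
# held in memory (nothing touches a real device) that shows why a quick
# format is not a wipe and how to verify that an overwrite worked.
import os
import re

SECTOR = 512
DIR_SECTORS = 1          # sector 0 is the directory: "name:start:length;" entries
IMAGE_SECTORS = 16       # 8 KiB image in total
DATA_START = DIR_SECTORS * SECTOR


def new_image() -> bytearray:
    """A blank image: every sector zeroed."""
    return bytearray(SECTOR * IMAGE_SECTORS)


def write_file(image: bytearray, name: str, data: bytes, start_sector: int) -> None:
    """Store the bytes at start_sector and record them in the directory sector."""
    off = start_sector * SECTOR
    image[off:off + len(data)] = data
    entry = f"{name}:{start_sector}:{len(data)};".encode()
    end = image[0:SECTOR].find(b"\x00")          # first free byte in the directory
    image[end:end + len(entry)] = entry


def read_directory(image: bytearray) -> dict:
    """What the file system 'sees': name -> (start_sector, length)."""
    raw = bytes(image[0:SECTOR]).split(b"\x00")[0].decode()
    files = {}
    for entry in raw.split(";"):
        if entry:
            name, start, length = entry.split(":")
            files[name] = (int(start), int(length))
    return files


def quick_format(image: bytearray) -> None:
    """A 'format' in the article's sense: the directory goes, the data stays."""
    image[0:SECTOR] = bytes(SECTOR)


def carve(image: bytearray, pattern: bytes) -> list:
    """Forensic-style search of the raw sectors, ignoring the directory entirely."""
    return [m.start() for m in re.finditer(re.escape(pattern), bytes(image))]


def overwrite(image: bytearray, passes: int = 3) -> None:
    """Overwrite every data sector: random passes, then a final zero pass."""
    size = len(image) - DATA_START
    for _ in range(passes):
        image[DATA_START:] = os.urandom(size)
    image[DATA_START:] = bytes(size)


def verify_wiped(image: bytearray, pattern: bytes) -> bool:
    """The check a practitioner wants after a wipe: no trace of the marker is left."""
    return not carve(image, pattern)


def demo() -> dict:
    img = new_image()
    secret = b"SSN=123-45-6789"                # constructed sample, not real data
    write_file(img, "payroll.txt", secret, start_sector=3)
    quick_format(img)
    found_after_format = carve(img, b"SSN=")   # directory is gone, bytes are not
    overwrite(img)
    found_after_wipe = carve(img, b"SSN=")
    return {
        "directory_after_format": read_directory(img),   # {}
        "offsets_after_format": found_after_format,      # [1536]: sector 3 still readable
        "offsets_after_wipe": found_after_wipe,          # []
        "wiped": verify_wiped(img, b"SSN="),             # True
    }


if __name__ == "__main__":
    print(demo())
```

The `verify_wiped` step is the part worth copying into a real procedure: after wiping a drive, carve the raw device for a known marker rather than trusting the tool's exit status. One caveat the toy cannot show: on SSDs, wear levelling may leave copies in blocks the overwrite never reaches, which is why full-disk encryption from day one (so that destroying the key destroys the data) or the drive's own secure-erase command is preferred over multi-pass overwriting there.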

The strongest protection is an industrial disk drive shredder. Putting a drive into one of those will eliminate any chance of recovering the data – as long as there’s not a copy.

Users love making copies of data

The more challenging problem is tracking down all the copies of a file and getting rid of them. Archives and backups can hold copies of information that contain sensitive data. Employees can create backups on removable, unencrypted media. They may also look for creative ways to create backup copies using free, unsanctioned online storage.

Dealing with this problem after the fact is hard. An organization should have policies for sensitive data that limit the proliferation of copies. Any device that holds such files should be encrypted, which includes backups and redundant fail-over data. Keeping them safe throughout their lifecycle is important and necessary.

The data protection policy should specify a deletion pipeline: a process for removing deleted files from all redundant data sources and failover systems.

It’s a little cloudy

Businesses today are becoming more comfortable storing critical and sensitive data on cloud storage platforms such as UK-based or Australian cloud storage. These services are economical, scalable, easier to maintain than on-premises systems, and may even provide a higher level of security. However, it’s important to understand how these systems handle deletion. When a deletion request is made, the data may not be immediately removed from the storage system. Most cloud storage systems hold onto deleted data for 30 – 90 days after the initial request, and it can easily be recovered during that period.

Many cloud platforms have APIs that make it easy to get data into the platform from other systems. A deletion request on one platform may not trigger a deletion on the other.
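The deletion pipeline called for above, together with the cloud retention windows and cross-platform copies just described, can be tracked with a small ledger. The following is an added example, not code from the original article or from any product: each store that may hold a copy gets its own deletion request, confirms its own purge, and the report lists every store where a copy may still exist and why. Store names, the 30- and 90-day windows and the dates are constructed for the demo.

```python
# Added example, not code from the original article: a deletion ledger that
# tracks one "right to be forgotten" request across every store that may hold
# a copy. Store names, retention windows and dates are constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DAY0 = date(2020, 10, 27)   # constructed request date


@dataclass
class Store:
    """One place a copy of the record may live."""
    name: str
    retention_days: int = 0               # soft-delete window the store applies (0 = immediate)
    requested_on: Optional[date] = None   # when the deletion request reached this store
    purged_on: Optional[date] = None      # when the store confirmed physical removal

    def earliest_purge(self) -> Optional[date]:
        """Earliest day the store can physically remove the data."""
        if self.requested_on is None:
            return None
        return self.requested_on + timedelta(days=self.retention_days)


@dataclass
class DeletionRequest:
    record_id: str
    stores: list

    def request_everywhere(self, today: date) -> None:
        # Every store gets its own request: a deletion on one platform does not
        # propagate to copies another platform pulled in through an API.
        for s in self.stores:
            if s.requested_on is None:
                s.requested_on = today

    def confirm_purge(self, store_name: str, today: date) -> None:
        """Record the store's confirmation; refuse confirmations that cannot be true yet."""
        for s in self.stores:
            if s.name != store_name:
                continue
            if s.requested_on is None:
                raise ValueError(f"{store_name}: confirmed before any request was sent")
            if today < s.earliest_purge():
                raise ValueError(f"{store_name}: still inside its {s.retention_days}-day retention window")
            s.purged_on = today
            return
        raise KeyError(store_name)

    def outstanding(self, today: date) -> dict:
        """Stores that may still hold a copy, with the reason."""
        report = {}
        for s in self.stores:
            if s.purged_on is not None:
                continue
            if s.requested_on is None:
                report[s.name] = "deletion never requested"
            elif today < s.earliest_purge():
                report[s.name] = f"in retention window until {s.earliest_purge().isoformat()}"
            else:
                report[s.name] = "retention window passed, purge not confirmed"
        return report

    def complete(self, today: date) -> bool:
        """True only when every known copy has been confirmed purged."""
        return not self.outstanding(today)


def demo() -> dict:
    req = DeletionRequest("customer-4711", [
        Store("primary-db"),
        Store("failover-db"),
        Store("cloud-bucket", retention_days=30),     # soft delete, as the article describes
        Store("backup-archive", retention_days=90),
    ])
    req.request_everywhere(DAY0)
    req.confirm_purge("primary-db", DAY0)
    req.confirm_purge("failover-db", DAY0)
    # A copy discovered later: another platform had pulled the record in via its API.
    req.stores.append(Store("analytics-export"))
    report = req.outstanding(DAY0 + timedelta(days=31))
    # {'cloud-bucket': 'retention window passed, purge not confirmed',
    #  'backup-archive': 'in retention window until 2021-01-25',
    #  'analytics-export': 'deletion never requested'}
    return report


if __name__ == "__main__":
    for store, reason in demo().items():
        print(f"{store:17} {reason}")
```

Two design choices carry the article's point. A store's retention window passing is not treated as deletion; the ledger keeps the store open until the store itself confirms the purge, because the data is recoverable for the whole window and the request alone proves nothing. And any copy that surfaces later is added as its own store with its own request, so a copy pulled into another platform can never be closed out by the request sent to the original one.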

When it’s important not to hold information any longer, processes, procedures, and technology need to ensure that all copies are safely deleted. Making sure this happens starts when the files are created, and the protections need to extend through the whole information lifecycle.

Written by: Innovative Driven