By Sudhindra Kumar, Principal Software Engineer at NextLabs
In this blog series, we've discussed some of the key challenges impeding adoption of the cloud. In this instalment, we'll talk about Data Retention and Disposal in the cloud. A lot of attention is paid to cloud data protection, regulatory compliance for cloud data, and how to handle data breaches. Of equal importance are the Data Retention and Disposal requirements; both are key components of a good information security strategy.
Many government regulations set specific Data Retention periods. For example, HIPAA in CFR 164.530 mandates retention of data for 6 years. It is vital for each organization to define a comprehensive data retention policy. The policy should reflect the data classification model and the retention rules that apply to each class of data; for example, highly sensitive data may need to be retained for longer than less sensitive data. It should cover regulatory and compliance requirements as well as corporate legal retention requirements.
Once enterprise data exceeds its retention period, it is critical to ensure it is disposed of securely. The Federal Trade Commission's FACTA Disposal Rule mandates the disposal of data once it is no longer needed. Apart from the pre-defined expiry of data, there can be on-demand disposal requirements. For example, the General Data Protection Regulation, a law proposed by the European Commission and due to take effect in late 2014, has a provision for a 'Right to Erasure', which entitles individuals to request the erasure of personal data relating to them. So it is imperative for each organization to have a comprehensive Data Disposal Plan.
Apart from compliance, Data Disposal plans are important from a security perspective as well. For example, a security study of Amazon's EC2 service showed that researchers were able to recover deleted files from 98% of the AMIs (Amazon Machine Images) examined, from a minimum of 6 to a maximum of more than 40,000 files per AMI. The table below shows the different kinds of files that were recovered from the AMIs:
There are different ways to ensure clean data disposal in the cloud. If the data in the cloud is encrypted, one option is Crypto Shredding: deleting the encryption key, which renders the encrypted data unrecoverable. This method has the advantage that it doesn't require physical access to the storage, but it only works if the data was encrypted before it was written and if every copy of the key, including backups and escrowed copies, is destroyed. OASIS has created a Key Management Interoperability Protocol Technical Committee to define standards for Key Management across diverse infrastructures, including cloud.
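As an added illustration of crypto shredding (example code written for this post, not NextLabs code and not a KMIP implementation), the Go program below keeps a per-record AES-256-GCM key in a hypothetical in-memory key store; `KeyStore`, `Seal`, `Open` and `Shred` are names chosen for the example, and the record ID and plaintext are constructed sample values. Deleting the key leaves the ciphertext exactly where it was, but every decryption attempt fails from then on:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyShredded is returned once the key for a record no longer exists:
// the ciphertext may still sit on disk, but it can no longer be decrypted.
var ErrKeyShredded = errors.New("key not found: data has been crypto-shredded")

// KeyStore is a hypothetical in-memory stand-in for an external key manager.
// Each record ID maps to its own 256-bit AES key.
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore {
	return &KeyStore{keys: make(map[string][]byte)}
}

// Generate creates a fresh random AES-256 key for the given record ID.
func (ks *KeyStore) Generate(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	ks.keys[id] = k
	return nil
}

// Shred destroys the key: zero the key material, then drop the reference.
// Every ciphertext sealed under this key is unrecoverable from now on.
func (ks *KeyStore) Shred(id string) {
	if k, ok := ks.keys[id]; ok {
		for i := range k {
			k[i] = 0
		}
		delete(ks.keys, id)
	}
}

// aead builds an AES-GCM instance for the record's key, or fails if shredded.
func (ks *KeyStore) aead(id string) (cipher.AEAD, error) {
	k, ok := ks.keys[id]
	if !ok {
		return nil, ErrKeyShredded
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for the record and returns nonce || ciphertext || tag.
func (ks *KeyStore) Seal(id string, plaintext []byte) ([]byte, error) {
	g, err := ks.aead(id)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The ciphertext is appended to the nonce so the blob is self-describing.
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a blob produced by Seal. After Shred it returns ErrKeyShredded.
func (ks *KeyStore) Open(id string, blob []byte) ([]byte, error) {
	g, err := ks.aead(id)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:ns], blob[ns:], nil)
}

func main() {
	ks := NewKeyStore()
	const id = "patient-record-0001" // constructed sample record ID
	if err := ks.Generate(id); err != nil {
		panic(err)
	}
	blob, err := ks.Seal(id, []byte("constructed sample: sensitive record"))
	if err != nil {
		panic(err)
	}
	pt, _ := ks.Open(id, blob)
	fmt.Printf("before shred: %q\n", pt)

	ks.Shred(id) // retention period expired: destroy the key, not the ciphertext
	_, err = ks.Open(id, blob)
	fmt.Println("after shred:", err)
}
```

In a real deployment the key store would be an external KMS or HSM, and the point of the example is the asymmetry: the ciphertext can stay wherever the provider replicated it, because destroying the one key, together with all of its backups, is what makes the data unrecoverable. Envelope encryption extends the same idea: shredding a key-encryption key renders every data key wrapped under it, and therefore every object encrypted with those data keys, unreadable in one operation.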
The next option is to overwrite the storage media with new or dummy data. This is needed because file contents can remain on the storage media even after the file is deleted. Overwriting can be done in software and is relatively inexpensive, but it can be a time-consuming process, especially for high-capacity storage devices.
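The following is an added example, not code from the post or from NextLabs, of overwriting a file in place before unlinking it, using only Go's standard library; `Overwrite`, `ShredFile` and `zeroReader` are names chosen here, and the file contents are constructed sample data. It writes one pass of random bytes and one pass of zeros over the file's full length, calling fsync after each so the new data reaches the device before the file is removed:

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"os"
)

// Overwrite replaces every byte of the file at path with data read from src
// (crypto/rand.Reader, or a zero source), flushes it to the device with fsync,
// and returns the number of bytes overwritten. The file keeps its size.
func Overwrite(path string, src io.Reader) (int64, error) {
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return 0, err
	}
	// Write exactly the file's current length, starting at offset 0.
	n, err := io.CopyN(f, src, info.Size())
	if err != nil {
		return n, err
	}
	// Sync forces the data out of the page cache and onto the storage device.
	if err := f.Sync(); err != nil {
		return n, err
	}
	return n, nil
}

// zeroReader yields an endless stream of zero bytes.
type zeroReader struct{}

func (zeroReader) Read(p []byte) (int, error) {
	for i := range p {
		p[i] = 0
	}
	return len(p), nil
}

// ShredFile does one random pass, one zero pass, then unlinks the file.
func ShredFile(path string) error {
	if _, err := Overwrite(path, rand.Reader); err != nil {
		return err
	}
	if _, err := Overwrite(path, zeroReader{}); err != nil {
		return err
	}
	return os.Remove(path)
}

func main() {
	f, err := os.CreateTemp("", "retention-demo-*.dat")
	if err != nil {
		panic(err)
	}
	path := f.Name()
	f.WriteString("constructed sample: expired record contents") // constructed sample data
	f.Close()

	if err := ShredFile(path); err != nil {
		panic(err)
	}
	_, err = os.Stat(path)
	fmt.Println("removed:", os.IsNotExist(err))
}
```

The caveat behind the passage's "can remain" applies to this approach too: on SSDs with wear levelling, copy-on-write file systems, snapshots, and cloud block storage, an in-place overwrite is not guaranteed to land on the physical blocks that held the old data, which is why NIST SP 800-88 rates a software overwrite as a "Clear" rather than a "Purge" for flash media. For cloud storage the practical answer is to combine overwriting with crypto shredding rather than rely on it alone.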
Another option is to use Degaussing. Degaussing is the removal or reduction of the magnetic field of a storage device. This can quickly and effectively purge a storage device, but can end up permanently damaging the device.
The final option is the physical destruction of the storage device by shredding or melting. This option provides the highest assurance that the data has been destroyed, but is not sustainable in the long run, given the high capital expenses involved. All three of these options require physical access to the storage media.
Data retention and disposal is a shared responsibility of both the Cloud Service Provider and the Organization that owns the data. Organizations need to ensure that the Service Level Agreements (SLAs) include a clause for data retention and safe disposal of data in the cloud. This should include auditing of data erasure to ensure that the data has indeed been removed.
For more information on Cloud Data Security, join me in my upcoming webinar.