
Are you convinced you deleted that cloud file?

February 10, 2016

Part of data privacy protection consists in being able to permanently delete data when necessary. Data deletion is another form of user control over sensitive or private information that has at some point been entrusted to a device or a storage medium.

This raises the question of how hard it is to permanently delete data, especially when cloud storage is involved. Government agencies rely on special tools for data destruction, such as WipeDrive, employed by the NSA.

Company data may also need to be safely deleted from discarded hardware or re-purposed storage devices, or simply deleted from cloud storage whenever needed. The easiest case is hardware that is not meant for further use: physically destroying or damaging the storage components is an option.

What happens when deleting cloud data?

When attempting to delete data from the cloud, a user may delete it locally on their devices, or use a browser or an application to access the cloud server and mark specific files as deletable. Although the user issues the command to delete those files, the data is first moved to a special holding location (typically a trash folder), from where it can either be restored or permanently deleted. The data control issue arises once you consider that permanent deletion does not equal data destruction: the user’s data can still remain somewhere in the cloud.

Illustrative cases include Facebook and Flickr data that was not completely and irrevocably destroyed, even though the user had followed all the necessary steps to command the delete action.

In other words, the data you share with cloud storage providers has a questionable ownership status, and its deletion might not mean what you would normally assume. Physically, the files you want to delete may sit in a data center anywhere on the globe and remain there for years, accessible via sophisticated attacks or via forensic methods. The baseline assumption should be that any data stored in the cloud could stay there for a long time, with or without user consent.

Solutions in cloud data deletion

Some providers offer cloud storage together with storage controller tools that let users preset retention policies for snapshots. Companies that choose such storage services can set up cyclic deletion that allegedly comes with permanent data destruction.

Cloud storage controllers address cloud anxiety for the more privacy-conscious clients, and come in many versions, from companies such as AWS, Microsoft, Panzura, Nasuni, Riverbed and TwinStrata. This associated feature improves the cloud data management process, deletion included.

Classic individualized solutions (tailored to each storage provider) have dedicated online posts, too. For example, you may see here a New York Times answer on how to delete files from Microsoft’s OneDrive.

Other online tutorials only scratch the surface of the problem when instructing users to delete their old Apple iCloud backups: they make no mention of what happens to the cloud-located data after these steps are followed.

Besides permanently deleting company, sensitive or private data from the cloud environment for classification, archiving and privacy reasons, cloud clients may want to delete data in order to clean up and reorganize their stored information. For such cases, cloud service providers may offer a standard procedure or guidelines: removing or merging duplicates, modifying access policies or eliminating outdated information is easily accomplished if the provider has tailored solutions and accessible guidelines. For an example of a professional approach, you may check here Salesforce’s instructional material on data management applications for data administrators.

Cloud data remanence

As shown above, in-depth solutions for data deletion depend on professionals and are associated with the most flexible cloud storage providers. The issue of superficially deleted data persists because not all IaaS (Infrastructure-as-a-Service) providers pair their storage services with effective management and control tools where deletion is concerned. Even though the user goes through the process of marking the data for deletion and gets back the message “operation accomplished”, the data continues to exist somewhere in the vast cloud storage environment.

Support from the cloud provider is essential for ensuring that your data access comes with full privileges, including the ability to delete data and to overwrite the corresponding storage space repeatedly so that the old data cannot be reconstructed. However, even when providers expose higher-level file systems or key-value APIs, the deletion logic one would apply to local server storage does not translate to cloud storage: the customer never controls which physical blocks hold an object, or how many replicas and snapshots of it exist, so overwriting a logical object is no guarantee that the underlying media have been overwritten.

Data remanence qualifies as a major threat, and the only available solution so far is to store only the encrypted version of any data you might later need to erase, and then to destroy the key rather than strive to permanently destroy the cloud data itself.

On the positive side, the threat of residual (remanent) data has been acknowledged, and specialists are working on mechanisms to remedy the issue.

Enterprise cloud services sometimes include features that allow better data management, secure deletion included. For example, here you may check the description of a secure delete function that is available for private cloud environments only, including its file-type limitations and other details.

In conclusion, due to the inherent nature of the cloud, data deletion is a rather sophisticated matter, out of reach for ordinary users and only partially controllable for most company accounts, depending on what the Cloud Service Agreement (CSA) terms are.

Keeping your data encrypted in the cloud is the most accessible risk avoidance measure. It does not solve the data remanence problem, but it at least aims to make the residual data unusable should a malicious party gain access to it after the account owner has issued the formal deletion command.
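The encrypt-then-destroy-the-key approach described in the two passages above (often called crypto-shredding) can be shown end to end in a few dozen lines. The following Go program is an added example written for this page; it is not code from the article or from any provider it mentions. It uses AES-256-GCM from Go’s standard library and a constructed in-memory stand-in for a cloud object store whose delete only hides an object while leaving its bytes in place, which is exactly the remanence behaviour the article warns about. The type and function names (remanentStore, shreddingClient, Upload, Download, CryptoShred, ResidualExposesPlaintext) are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// remanentStore is a constructed stand-in for a cloud object store whose delete
// only tombstones an object: the bytes linger on the provider's media.
type remanentStore struct {
	objects map[string][]byte
	deleted map[string]bool
}

// get behaves like the provider's normal read path: deleted objects are invisible.
func (s *remanentStore) get(name string) ([]byte, bool) {
	blob, ok := s.objects[name]
	return blob, ok && !s.deleted[name]
}

// deleteObject hides the object from normal reads but leaves its bytes in place.
func (s *remanentStore) deleteObject(name string) { s.deleted[name] = true }

// residual returns whatever is still physically present, deleted or not.
func (s *remanentStore) residual(name string) []byte { return s.objects[name] }

// shreddingClient keeps one random data-encryption key per object outside the
// cloud (in practice an HSM or key-management service) and never uploads it.
type shreddingClient struct {
	cloud *remanentStore
	keys  map[string][]byte
}

func newShreddingClient() *shreddingClient {
	cloud := &remanentStore{objects: map[string][]byte{}, deleted: map[string]bool{}}
	return &shreddingClient{cloud: cloud, keys: map[string][]byte{}}
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Upload encrypts under a fresh AES-256-GCM key; only nonce||ciphertext||tag
// reaches the cloud, with the object name bound as associated data.
func (c *shreddingClient) Upload(name string, plaintext []byte) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	c.cloud.objects[name] = gcm.Seal(nonce, nonce, plaintext, []byte(name))
	c.keys[name] = key
	return nil
}

// Download fails as soon as the key is gone, however much ciphertext lingers.
func (c *shreddingClient) Download(name string) ([]byte, error) {
	key, ok := c.keys[name]
	if !ok {
		return nil, errors.New("no key for object: shredded or never uploaded")
	}
	blob, ok := c.cloud.get(name)
	if !ok {
		return nil, errors.New("object not visible in cloud")
	}
	gcm, err := gcmFor(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated blob")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(name))
}

// CryptoShred zeroises and forgets the key, then issues the provider's ordinary
// delete; whatever the provider retains afterwards is unkeyed ciphertext.
func (c *shreddingClient) CryptoShred(name string) {
	if key, ok := c.keys[name]; ok {
		for i := range key {
			key[i] = 0
		}
		delete(c.keys, name)
	}
	c.cloud.deleteObject(name)
}

// ResidualExposesPlaintext models the forensic worry from the article: do the
// bytes still on the provider's media contain the original content?
func (c *shreddingClient) ResidualExposesPlaintext(name string, plaintext []byte) bool {
	return bytes.Contains(c.cloud.residual(name), plaintext)
}
```

After CryptoShred the simulated provider still holds the full nonce, ciphertext and tag, so the remanence problem is untouched; what changes is that those bytes are now useless without a key that no longer exists anywhere. The design choices worth copying are a fresh key per object (so one shred never affects another object), keeping keys out of the provider’s reach, and binding the object name as associated data so a lingering blob cannot be replayed under another name.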