Cloud services, recycled hard drives leak critical data; IT doesn't notice

Up to half of hard drives hold residual data from previous users, even drives installed in clouds


At Slicehost, which is now owned by Rackspace, more than the usual amount of remnant data was caused by a security flaw in the underlying operating system.

To fix the flaw and get rid of the remnant data, Slicehost had to ask clients to migrate to different servers – a process that carries its own risk that disks or data will become corrupt during the move.

Little of the data could be found without forensic tools, Slicehost told customers, and none of it had been found to have been recovered and reused by unauthorized clients.

The data did expose the clients who owned it to the risk of loss through no fault of their own, in a way they could not anticipate or even investigate, because they weren't authorized to use forensic tools on those servers to check whether they were clean.

Encrypting data stored with a cloud provider can cause even more problems, because providers that can't manage or decrypt it themselves often see it as garbage data rather than the good stuff.

Remnant data is rarely discussed by cloud users or providers, or even security specialists.

It continues to be a small but consistent problem in any organization that recycles servers or PCs at the end of their normal lifecycles.

The only way to be really sure no one will be able to read data from a disk you're abandoning – according to the roughly half a million security specialists who've told me this during interviews over the past few years – is to encrypt it, delete it, wipe the drive, scrub the drive with drive-scrubbing software, scrub the drive with sandpaper, sand and steel wool and then drill holes in different places on each disk before shredding them or throwing them away in separate recycling bins.

If that seems excessive, or just too much work, I've found the easiest way to make data on a hard drive completely inaccessible and unrecoverable is to put data on the disk that are vitally important to something time sensitive and fail to back the data up to any other devices as your deadlines approach and stress rises.

Just before you hit Save, Print or There, Now it Won't Explode, all the data will mysteriously disappear, never to be found again.

Especially after the explosion.

Good luck.

And keep your head down.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Photo Credit: Reuters
