Data sanitization for cloud storage
Any good security professional is familiar with the term Data Sanitization. This is the process of deliberately, permanently, and irreversibly removing or destroying the data stored on a memory device. This is not only a security best practice; it is often mandatory for compliance reasons.
For all traditional physical storage solutions such as tape, disk, and even paper, there are many well-documented standards and procedures available. Some sanitization standards go as far as removing the data even beyond the recovery capabilities of advanced forensics tools. The standards and procedures can be very detailed, so their implementation is not very complex from a design perspective; it has all been done before.
Learn Cloud Security
The DoD 5220.22-M data sanitization method, for instance, covers the following process:
Pass 1: Writes a zero and verifies the write
Pass 2: Writes a one and verifies the write
Pass 3: Writes a random character and verifies the write
This example method rewrites all sectors multiple times, and this requires very low-level (physical) disk access. When data is stored with a third-party cloud provider, this gets difficult. It is not impossible, though. So what are the differences?
Physical media access
Many of the data sanitization processes take care of data remanence down to various levels. Data remanence is the term for the residual traces of the pre-existing data still detectable in the disks sectors. Overwriting a disk multiple times with zero and one values can "clean-up" these traces. For cloud solutions, this brings an important issue, however: access to the physical media is often required for this low-level task. Due to the shared and often distributed storage resources and the limited access to the OS or underlying hardware, this access is not available.
Cloud architecture differences
This lack of access to the storage media is an issue in all service levels of the cloud computer stack, but there are some differences. The deeper the Stack goes towards the physical system; the better the access will be due to increased separation of resources. This ranges from Software as a Service where access and sanitization are almost impossible for the customer, down to the Infrastructure as a service where in theory, the customer should have some control over the servers. Of course, the control is still not as in depth as in a situation where co-located, customer owned equipment is used. For the most stringent of compliance regulations, this might be the only viable option for an organization.
Solution 1: Cloud provider sanitization services
Surprisingly enough, cloud providers do not have many options for data sanitization for their customers. A few options are available, but with limitations. Amazon, for instance, can provide storage in the form of EBS volumes which are raw, unformatted block devices that operate similarly to a physical disk. The volumes are wiped before use so the customer can be assured previous data has been erased. For sanitization, customers are given options such as those detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual ") or NIST 800-88 ("Guidelines for Media Sanitization"). Amazon makes a point of the fact that the responsibility of these optional measures lies with the customer and that the disposal of actual physical disks might not be done to the same standards. Microsoft only states that (their) physical disks for the Microsoft Cloud platform are disposed of according to NIST 800-88 Guidelines for Media Sanitation. Other services will have different options and in the end, this topic will need to be discussed between the customer and the cloud service provider to make sure the required methods are readily available or can be customized.
Solution 2: Encryption
Another solution is to use storage (data at rest) encryption within the cloud environment. This ensures that if the media is not properly sanitized after leaving the service, the old data is unreadable for any other party without the (destroyed) key.
Microsoft Azure offers AES-256 support amongst others, just like Amazon and most other Cloud Service Providers. They claim the performance impact should be limited to none.
There are also many 3rd party encryption solutions such as LUKS, PGP, and BitLocker. As with the low-level sanitization, the right Cloud solution, and sufficient disk access is required for this.
In any case, whether compliance is a factor or not, encryption of data at rest is always good practice. Encryption of data "at rest" even takes care of any backups performed of the data by the CSP. Whatever is included in the backup is unusable for 3rd parties.
Solution 3: A hybrid solution
Most cloud customers have some degree of hybrid cloud model in use. In a hybrid model, some servers and services are hosted locally, and some are located with a Cloud Service Provider. This creates an opportunity to move the less sensitive data to cloud storage and leave the data requiring strict data sanitization policies stored locally. This can have an impact on performance as servers in the cloud will need to pull in data from the local storage systems and vice versa, but if the architecture allows for this, it can be a good solution. Beware of accidental "data spills" however, which is a situation where data too sensitive to be stored in the cloud, accidentally makes it into cloud storage.
Solution 4: Isolation and a (Virtual) private cloud
A (Virtual) Private Cloud often gives the customer more access to "their" isolated, dedicated network and hardware within that cloud. Amazon not only offers "Dedicated Instances", but can also provide "Dedicated Hosts" within their Virtual Private Cloud product. This solution may not fully cover Media Sanitization, but it does allow for better Data Isolation, which is the process of keeping data away from shared media and instances.
Learn Cloud Security
Conclusion
For many organizations, Data Sanitization is part of their mandatory compliance requirements. For other organizations, Data Sanitization is part of a comprehensive, best practice security policy. It seems the Cloud Service Providers have not made this subject as simple as their customers would require it to be, although some options have been made available over the last few years. With rapid migration to the cloud, some important features and a lot of flexibility seem to have been left behind. This means there is a market still out there made up of organizations who cannot move some or all of their services to the cloud due to these limitations in Data Sanitization.
In this Series
- Data sanitization for cloud storage
- The rise of cloud computing: Trends and predictions
- Understanding the basics of cloud infrastructure: What you need to know
- How cloud security, data privacy, and cybersecurity convergence drives successful careers
- Secure cloud computing: What you need to know
- Working across multiple cloud service providers: CSP security learning path
- Securing cloud-based applications training: What you need to know
- Security risks of cloud migration
- DevSecOps in the Azure Cloud
- Amazon Athena Security: 6 essential tips
- Securing cloud endpoints: What you should know
- AWS security and compliance overview
- CloudGoat walkthrough series: IAM privilege escalation by attachment
- CloudGoat walkthrough series: EC2 server-side request forgery (SSRF)
- CloudGoat walkthrough series: Remote code execution
- CloudGoat walkthrough series: Lambda Privilege Escalation
- Information security strategy for the hybrid and multi-cloud
- CloudGoat walkthrough series: Cloud Breach S3
- CloudGoat walkthrough series: IAM privilege escalation by rollback
- Working with CloudGoat: The “vulnerable by design” AWS environment
- Malicious Amazon Machine Images (AMIs)
- Key findings from Ponemon’s State of Vulnerability Management in the Cloud and On-Premises report
- Cloud Pentesting Certification Boot Camp: The ultimate guide
- Cloud Based IDS and IPS Solutions [Updated 2019]
- AWS Security Monitoring Checklist [Updated 2019]
- Amazon Inspector: A cloud-based vulnerability assessment tool
- System administrator vs. cloud administrator
- 5 key cloud security use cases
- Deep Packet Inspection in the Cloud
- Honeypots in the Cloud
- Biometrics in the Cloud
- Open-Source Intelligence Collection in Cloud Platforms
- How to Safeguard Against the Privacy Implications of Cloud Computing
- AWS Cloud Security for Beginners — Part 2
- AWS Cloud Security for Beginners — Part 1
- AWS Security Monitoring Checklist — Part 2
- Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It
- Controlling the Risks of Cloud-Enabled End-Point Security Products
- The Ultimate Guide to CCSP Certification
- Five Reasons Why Security Professionals Need the Cloud
- Amazon S3 Buckets-Hardening
- Cloud Service Reconnaissance
- Cloud Computing Security: Be Secure Before Moving to Cloud
- Cloud Technology Bringing New Possibilities in Threat Management
- Attacking the Cloud
- Man in the Cloud Attacks: Prevention and Containment
- Cloud originated DDoS attacks
- Where Is Your Data Safer? In the Cloud Or On Premise?
- DDOS Protection for Public Cloud Customers
- Security Barriers in the Adaptation of Cloud Technology
- SIEM as a Service
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Cloud security
Cloud security