Safety Last in the Cloud
Everywhere we hear our data is safer in the Cloud. Last week’s post disagreed: “It may be safe from some problems (theft at your site) but it’s not safe from problems out there (earthquakes or Internet crashes).” This week’s post is about a different safety problem: the illusion of deletion.
First, some history and some technology. Remember Ollie North? He thought he’d deleted incriminating emails. He did, but only from the email program. Those files remained on the system’s hard disks because he didn’t know how computer files were “deleted.” I use quotes because files are never really deleted.
What happens when you “delete” any file (an email, or a spreadsheet, or a doc file, etc.) is that the operating system deletes its reference to the file and makes the space where the file was stored available for new file storage. The file’s data remains intact until other files actually use that space. Only then is the data replaced. And then, only haphazardly, depending on the sizes of the new files. Only this re-use destroys the original data. It may be possible for tiny chunks of the original “deleted” file to remain unused, and intact, forever.
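The mechanism just described, as a toy model added here for illustration (it is not from the original post and is not a real filesystem). The ToyDisk class, the 8-byte block size, the file names and the memo text are all constructed for the example.

```python
# Toy model (constructed): a "disk" of fixed-size blocks plus a directory
# mapping file names to block numbers. Real filesystems are far more complex.
BLOCK = 8  # bytes per block, kept tiny so the effect is easy to see


class ToyDisk:
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK)] * nblocks  # raw storage, zero-filled
        self.free = list(range(nblocks))        # free block numbers, in reuse order
        self.directory = {}                     # name -> list of block numbers

    def write(self, name, data):
        """Store data in the first free blocks; only the bytes written change."""
        used = []
        for off in range(0, len(data), BLOCK):
            n = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            # A short final chunk leaves the tail of the old block untouched.
            self.blocks[n] = chunk + self.blocks[n][len(chunk):]
            used.append(n)
        self.directory[name] = used

    def delete(self, name):
        """'Delete' drops the directory entry and marks the blocks reusable."""
        freed = self.directory.pop(name)
        self.free = sorted(self.free + freed)   # self.blocks is not touched

    def raw(self):
        """What a direct read of the disk sees, ignoring the directory."""
        return b"".join(self.blocks)


def demo():
    disk = ToyDisk()
    secret = b"MEMO: shred this after reading!!"  # constructed sample, 32 bytes
    disk.write("memo.txt", secret)
    disk.delete("memo.txt")
    listed = "memo.txt" in disk.directory         # the file no longer appears
    intact_after_delete = secret in disk.raw()    # but every byte is still there
    disk.write("notes.txt", b"groceries")         # 9 bytes reuse only part of the space
    raw = disk.raw()
    surviving = sum(a == b for a, b in zip(raw, secret))  # old bytes still in place
    return listed, intact_after_delete, raw, surviving


if __name__ == "__main__":
    listed, intact, raw, surviving = demo()
    print("listed:", listed, "| intact after delete:", intact)
    print("raw disk after reuse:", raw.rstrip(b"\x00"))
    print("bytes of the deleted memo still on disk:", surviving, "of 32")
```

The new 9-byte file replaces only the start of the old memo, so most of the "deleted" text is still readable in the raw blocks.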
The Cloud, despite all the hype, is no different. In fact, it may be far worse. It’s likely your data in the Cloud is reproduced (for safe backup) many times over, further compounding the deletion problem. Safety for your data in the Cloud is not simply a question of whether it will be properly preserved and protected. There is also the question of whether it will be properly deleted.
For example, if you move your data to another Cloud provider, what happens to the data at the original provider? It may be “deleted” from the system, but unless they take special procedures to thoroughly erase the data, it will persist. And, yes, Ollie, there is a government specification on how to do this: US DoD 5220.22-M.
In fact, merely rewriting new files over your old data will not destroy it. Specialists can retrieve data from disks not only overwritten many times but even physically damaged. Without government-specified erasure, data is always accessible to the experts, whether good guys or bad. The difference is that you can control what happens on your computer; the Cloud is up in the air.