MKR_1
Frequent Advisor

Data deletion proof

Hi Gurus

We have financial data hosted in third-party shared storage. Now we are moving out of this shared storage and the data is going to be hosted in our own datacenter. But as per the Financial Services Authority we should have a certificate/proof that the data is deleted from the shared storage.

Have you guys come across such a situation or any tools which comply with this?
MKR_1
Frequent Advisor

Re: Data deletion proof

Hi All

Any ideas will be much appreciated.
Mel Burslan
Honored Contributor
Solution

Re: Data deletion proof

When you talk about shared storage, you can not do this on your own. Sit and think about it for a minute. If this shared storage has more than one copy of the data for backup purposes, and you know there should be a copy somewhere that is used daily to perform backups without interrupting your operations, how can you be sure that it got deleted once you delete the data from your current disks using whatever secure data shredder tool you use? If that copy is offline at the time you delete your live data, it is up to the storage hosting provider to delete that data.

Contact the storage service provider and have them issue you a document that says the contents of all your storage areas have been irrecoverably deleted using whatever tool they prefer to use. And keep that piece of paper for future audits, indefinitely. At this point, if there happens to be a data breach from those records, it is not your or your company's responsibility.
________________________________
UNIX because I majored in cryptology...
MKR_1
Frequent Advisor

Re: Data deletion proof

Thanks Mel, that makes sense.
Steven E. Protter
Exalted Contributor

Re: Data deletion proof

Shalom,

Take a hammer to the hard disk and destroy it.

I used to work for NDS, a security company. That is how we made sure the data can not be recovered.

Even a full OS install is something security agencies like the NSA know how to undo.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
OldSchool
Honored Contributor

Re: Data deletion proof

"Take a hammer to the hard disk and destroy it.

I used to work for NDS, a security company. That is how we made sure the data can not be recovered."

While I agree, I think you're referring to storage owned by a third party, somewhere off-site. If so, SEP's approach won't work.

It sounds like you'll need to find out what the Financial Services Authority considers acceptable as to certification. Then the third party would have to meet that standard.

If I'm correct about an outside source hosting the data, then you might need to pass this to your Legal or Compliance Department, as somebody is going to have to work out what is acceptable removal, what's acceptable as to certifying the required work was done, what certification is acceptable, and what auditing (if any) needs to be done to ensure conformance. Lawyers will certainly get involved somewhere. Somebody might have to pay for an independent audit to prove compliance. Then there is always the issue of "backup copies", which the 3rd party would have to destroy as well.