Secure Erase helps you to securely delete confidential backups. You can enable Secure Erase for all store types except Cloud Bank stores. This feature allows secure erasure of data that was backed up as part of a regular backup job. For example, you may have unintentionally backed up confidential data and want to ensure that it has been securely erased.
The Secure Erase overwrites data to be deleted with a sequence of 0, 1 or pseudo random data. The sequence depends on the number of overwrite passes. You can configure Secure Erase to overwrite the data to be deleted with either one, three, five, or seven passes. The amount of time required to complete the Secure Erase increases with the number of overwrite passes.
IMPORTANT:
- Secure Erase increases system overhead and reduces performance. Hewlett Packard Enterprise recommends enabling Secure Erase immediately prior to expiring a backup from the backup application. And disabling Secure Erase it immediately afterward. Do not leave Secure Erase enabled for long periods of time.
- To remove data immediately, be sure that the backup application is configured correctly. You may need to revise rotation and retention policies to ensure that the data is expired.
- Hewlett Packard Enterprise recommends using the backup application to delete data when using Secure Erase.
Secure Erase can only be enabled after the StoreOnce Catalyst store, VT library, or NAS share is created. Enable Secure Erase by editing the store, VT library, or NAS share. Once you enable Secure Erase, all data written to disk will be securely erased upon data deletion.
When Secure Erase is enabled (for Catalyst stores, VT libraries, or NAS shares), data is securely deleted. Work with the backup application to trigger the Secure Erase, for example by forcing the format of a VT library cartridge. The backup application sends the request to delete the data and the deletion is carried out as part of the Housekeeping function. You can trigger Secure Erase manually by deleting:
- A StoreOnce Catalyst object or whole store
- VT library cartridge, or whole VT library
- NAS share
Only data chunks (processed portions of user data) that are not referenced by any other items can be securely erased. If an item references a data chunk that is not marked for Secure Erase, the referenced data chunk will not be erased.
Here is the video on Secure Eras and other security features of StoreOnce Gen4 - https://support.hpe.com/hpesc/public/videoDisplay?videoId=vtc00030134en_us
Regards,
Srinivas Bhat
If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Thank you for sharing the information!
Thanks,
Sunitha G
I'm an HPE employee.
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]