Your guide to cryptoshredding

When data reaches the end of its life, we need to dispose of it appropriately. The right way to dispose of it depends on both the sensitivity of the data and the context. For data on drives we hold on-premises, we may want to destroy the drives physically, through techniques like incineration or pulverization. If we have sensitive data in the cloud, our provider isn't going to let us waltz in, rip out their hard drives and chuck them in a furnace: the physical media is shared with other tenants and never leaves the provider's control. This means we have to turn to other options.

The most common technique for securely disposing of cloud data is cryptographic erasure (cryptographic erase in NIST SP 800-88 terminology), which we also call cryptoshredding. The process involves encrypting the data with a secure algorithm from the moment it is first written, and then destroying every copy of the key, so that what remains on the media is ciphertext that no one can decrypt.

NIST SP 800-88 classes cryptographic erase as a form of purging, which means that when it is done properly, it is infeasible to recover the data even with state-of-the-art laboratory techniques. However, the encrypted data still physically exists, so cryptoshredding is not as strong as NIST's destroy category: once a drive has been incinerated, shredded or pulverized there is nothing left to attack, whereas shredded ciphertext is only as safe as the algorithm, the mode it was used in, and the completeness of the key destruction. If you want to cryptoshred your data securely, there are a few caveats you should be aware of:

Planning ahead

We should plan for our data's end of life before we collect or create it. How data is created, stored, used and shared determines whether it can be cryptoshredded securely later. Cryptographic erase only covers data that was encrypted from the moment it was first written: a copy that was ever stored in the clear, a plaintext backup or log extract, or a replica in a location we have lost track of cannot be purged by throwing away a key. If copies of the data may still be out there, it can't be considered securely purged. This means we can't wait until the end of the life cycle to work out how to purge the data. We need to plan ahead so that we only create, store, use and share data in ways that conform with our eventual purging strategy.

Choosing the right algorithm

We want to encrypt data from the moment we store it for the first time. It's important to use a secure encryption algorithm, in an authenticated mode such as AES-GCM, so that attackers can't break the encryption and so that any tampering with the ciphertext is detected. In many contexts, AES-128 is considered secure. However, for data that will remain sensitive over the long term, AES-256 is the better choice: its larger key keeps a comfortable margin against advances in cryptanalysis, and against a future quantum computer running Grover's algorithm, which would roughly halve the effective key length (leaving AES-128 with about 64 bits of security and AES-256 with about 128).

Looking at past trends, we can have reasonable confidence that AES-256 will remain secure over the next decade and probably much longer. That comes with the substantial caveat that technology changes are very hard to predict over long periods. There are other algorithms that could turn out to be secure for longer than AES-256, but they have not been studied as carefully as AES, and they may have weaknesses we are not yet aware of. The cipher is also only one input: cryptoshredding fails just as completely if the key was generated from a weak random source or left unprotected, regardless of its length.

Securely managing the keys

If we want our cryptoshredded data to be purged securely, then no one must be able to access the keys, which means the keys must be protected for their entire lifetime. When it's time to cryptoshred the data, every copy of the key must be sanitized: either by securely overwriting it, or, in the usual layered design, by encrypting each data key with a wrapping key (a key-encrypting key, or KEK) and then securely overwriting the wrapping key. Destroying one wrapping key renders every data key beneath it, and every object encrypted under those data keys, unrecoverable in a single operation. Cloud KMS services expose this as key deletion, normally with a waiting period during which the deletion can still be cancelled, because a shred cannot be undone.

If some copies of the keys have been forgotten, for example in a backup, a snapshot of the key store, an exported key file or a developer's environment variable, and they are not sanitized, then the data cannot be considered securely purged. An attacker who finds a copy of the key can decrypt the data directly, and the result is a data breach. This is obviously an outcome we want to avoid, so we must manage our keys appropriately throughout the entire life cycle, including knowing where every copy lives.
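To make the shred itself and the wrapping-key design concrete, here is an added example in Go; it is not code from the original post or from any particular KMS. It assumes an in-memory KeyStore standing in for a real KMS or HSM, and the names KeyStore, Envelope, Encrypt, Decrypt and Shred are hypothetical. Each object is encrypted under its own data key (DEK) with AES-256-GCM, the DEK is wrapped with a KEK held in the store, and shredding the KEK makes every envelope beneath it undecryptable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore stands in for the KMS/HSM that holds wrapping keys (KEKs) by ID.
// It is an assumed in-memory stand-in for this example, not a product API.
type KeyStore map[string][]byte

// CreateKEK generates a fresh 256-bit AES wrapping key under keyID.
func (s KeyStore) CreateKEK(keyID string) { s[keyID] = mustRand(32) }

// Shred cryptoshreds everything under keyID: the KEK is overwritten and dropped,
// so every DEK wrapped with it, and every object under those DEKs, is gone.
func (s KeyStore) Shred(keyID string) {
	zero(s[keyID]) // best effort in a GC'd language; a real KMS does this in an HSM
	delete(s, keyID)
}

// Envelope is what gets stored; it holds no plaintext key material.
type Envelope struct {
	KeyID      string
	WrappedDEK []byte // AES-256-GCM(KEK, DEK), nonce prepended
	Ciphertext []byte // AES-256-GCM(DEK, plaintext), nonce prepended
}

// Encrypt uses a fresh per-object DEK, wraps it with the named KEK, then zeroes
// the plaintext DEK so the only surviving copy is the wrapped one.
func Encrypt(s KeyStore, keyID string, plaintext []byte) (*Envelope, error) {
	kek, ok := s[keyID]
	if !ok {
		return nil, fmt.Errorf("kek %q not found", keyID)
	}
	dek := mustRand(32)
	defer zero(dek)
	return &Envelope{
		KeyID:      keyID,
		WrappedDEK: seal(kek, dek, []byte(keyID)),
		Ciphertext: seal(dek, plaintext, []byte(keyID)),
	}, nil
}

// Decrypt unwraps the DEK with the KEK, then decrypts. After Shred it fails.
func Decrypt(s KeyStore, env *Envelope) ([]byte, error) {
	kek, ok := s[env.KeyID]
	if !ok {
		return nil, fmt.Errorf("kek %q is shredded or unknown", env.KeyID)
	}
	dek, err := unseal(kek, env.WrappedDEK, []byte(env.KeyID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	defer zero(dek)
	return unseal(dek, env.Ciphertext, []byte(env.KeyID))
}

// seal/unseal: AES-256-GCM, nonce prepended; aad binds each blob to its key ID
// so a wrapped DEK cannot be moved under a different KEK.
func seal(key, plaintext, aad []byte) []byte {
	gcm := mustGCM(key)
	nonce := mustRand(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

func unseal(key, sealed, aad []byte) ([]byte, error) {
	gcm := mustGCM(key)
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// mustGCM and mustRand panic only on invariant violations (wrong key size,
// broken system RNG): platform or programming errors, never bad input.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return gcm
}

func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}
```

Usage: create a KEK, Encrypt a record, Decrypt it (succeeds), Shred the KEK, Decrypt again (fails, because the wrapped DEK can no longer be unwrapped). Creating a new KEK under the same ID does not help either: GCM's authentication tag rejects the old wrapped DEK. The example also shows the assumption a real deployment cannot escape: the envelope is only as purged as the KEK is gone, so any backup or snapshot of the key store that still holds those 32 bytes undoes the shred.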

Cybersecurity and privacy writer.
