![]() ![]() Sensitive data should be protected with encryption at rest or perhaps stored on a trusted storage service that can provide the required level of security. On a poorly implemented service it's conceivable that blocks of data can leak to neighbouring virtual machines. Particularly in the case of a virtual machine in the cloud (Infrastructure as a Service aka Virtual Private Server) you can not expect to exert any influence on physical storage. There may be exceptions in certain configurations where the hypervisor is able to facilitate deletion (by means such as an API that can be called from the guest), or where the VM has enough of a direct relation to physical storage (By means such as I/O paravirtualization or attaching an iSCSI device directly to the guest), but in general you should not depend upon any virtual machine to overwrite specific physical blocks. This is a typical behavior for SSD devices due to wear leveling, for storage arrays and filers for reasons related to error correction and efficiency, and by any sort of snapshot functionality to support backup, cloning or data retention. ![]() A virtual machine lacks the necessary knowledge and control over the underlying storage infrastructure to ensure secure deletion of data.įor any number of reasons, writes may be redirected to new blocks and thus leaving the old data intact on physical storage. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |