I believe Amazon states that all deletions of objects are irreversible. But for security reasons, how "shredded" is such deletion? For example, supposing a hack to Amazon S3, could anyone recover your deleted data?

noderman

1 Answer

Part of the answer depends on which region your data is stored in and if there are any government restrictions that may require them to retain data for any given time period. https://aws.amazon.com/agreement/

Likewise, if you are talking about data which has versioning enabled, your deletes may be possible to restore by your own team. https://aws.amazon.com/s3/faqs/

Note: AWS has an option to encrypt data stored at rest on S3, so if you want a compensating control that may be very helpful, but also note that the metadata, like filenames, is still not encrypted.

https://aws.amazon.com/s3/faqs/

Since you are talking about attackers hacking Amazon, one must assume that attackers who got access to AWS may be able to access the underlying computing infrastructure, which may potentially contain access to backup systems or more direct access to the physical media that Amazon uses for S3. Note: Amazon does not publish their internal backup information (maybe they use Glacier?) but their durability guarantee would imply that this data is likely backed up in some fashion and may potentially be restored in the event of a catastrophic filesystem replication failure. Therefore, in theory, yes, it's likely that an attacker could potentially access potential copies of data that the user thinks is deleted. Whether or not this is even an issue would depend on how Amazon secures any backup or redundant copies they may or may not have.

Important note: Any vendor that claims to "shred" data may only be doing this on their production system and may or may not be "shredding" copies of that data that may exist in their backups or in related data that exists in their logs. This applies to a huge variety of vendors and isn't cloud or AWS specific at all.

More importantly, if you need additional security controls it would be wise to implement additional controls in your environment. This is true in both cloud and non-cloud deployments and really isn't an issue unique to Amazon S3.

Security on computational cloud platforms is different than traditional corporate environments, but a lot of the traditional security controls can still be put in place; architects just need to be more mindful of these decisions when working in these environments.

Amazon also has a dedicated Privacy site which is worth looking at: https://aws.amazon.com/compliance/data-privacy-faq/

Finally, Amazon is a US-based company and the US government has approached many ISPs with National Security Letters requesting that they retain data. I am not aware of any such letter being issued to Amazon, but it's possible that any or all service providers are being asked to retain certain types of data. If so, then the location where the data is being retained could also be attacked. https://en.wikipedia.org/wiki/National_security_letter

End of device life, data is securely destroyed: https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

The following reference to data being securely wiped between uses seems to currently apply to EBS (S3 is not explicitly listed as I write this, so I wouldn't assume it applies to S3). https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Trey Blalock
  • It's not really known whether S3 *has* backups or S3's distributed replication *is* the backup. They do, after all, offer "reduced redundancy" storage which can only survive the loss of data in one facility, indicating that with RRS there are only 2 copies (though they are likely on redundant physical media), and RRS can notify you if an object is "lost." That's a minor point, really, and not a criticism of your answer. It would only make sense to me that deleted objects are probably physically overwritten before much time passes... and with SSE, the keys are not stored with the object. – Michael - sqlbot Mar 08 '17 at 02:27
  • You're right I need to clarify the answer a bit. – Trey Blalock Mar 08 '17 at 02:59
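
The answer's point that deletes on a versioned bucket may still be restorable, as an added example that is not part of the original answer or comments: it classifies each key in a version listing as live, deleted but still recoverable, or delete-marker only. The function name and the sample listing are constructed for illustration; the dict is assumed to follow the shape of an S3 ListObjectVersions response.

```python
# Added example, not code from the original answer.
# classify_keys and SAMPLE_LISTING are hypothetical names; the dict layout is
# assumed to mirror an S3 ListObjectVersions response ("Versions", "DeleteMarkers").
from collections import defaultdict


def classify_keys(listing):
    """Report, per key, whether a 'deleted' object still has retrievable versions."""
    stored = defaultdict(list)
    for version in listing.get("Versions", []):
        stored[version["Key"]].append(version)

    # A key looks deleted to a normal GET when its latest entry is a delete marker.
    latest_marker = {
        m["Key"] for m in listing.get("DeleteMarkers", []) if m.get("IsLatest")
    }

    report = {}
    for key in set(stored) | latest_marker:
        versions = stored.get(key, [])
        if key in latest_marker:
            # Data survives behind the marker unless every version was removed by ID.
            state = "deleted-recoverable" if versions else "marker-only"
        else:
            state = "live"
        report[key] = {
            "state": state,
            "retrievable_version_ids": sorted(v["VersionId"] for v in versions),
            # Overwritten or hidden data that is still stored and fetchable by version ID.
            "noncurrent_bytes": sum(
                v.get("Size", 0) for v in versions if not v.get("IsLatest")
            ),
        }
    return report


# Constructed sample listing (not real bucket data).
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "reports/q1.csv", "VersionId": "v1-constructed", "IsLatest": False, "Size": 2048},
        {"Key": "reports/q1.csv", "VersionId": "v2-constructed", "IsLatest": False, "Size": 4096},
        {"Key": "notes.txt", "VersionId": "v3-constructed", "IsLatest": True, "Size": 100},
        {"Key": "notes.txt", "VersionId": "v0-constructed", "IsLatest": False, "Size": 90},
    ],
    "DeleteMarkers": [
        {"Key": "reports/q1.csv", "VersionId": "dm1-constructed", "IsLatest": True},
        {"Key": "old/tmp.bin", "VersionId": "dm2-constructed", "IsLatest": True},
    ],
}

if __name__ == "__main__":
    for key, info in sorted(classify_keys(SAMPLE_LISTING).items()):
        print(key, info)
```

Against a real bucket, the input would be the merged pages of a version listing; any key reported as `deleted-recoverable` still holds data that anyone with permission to read object versions can fetch.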