
I'm studying for the CCSP exam and I think I'm missing something here...

In reviewing data destruction/disposal methods, I'm aware that an on-premise IT environment has several options:

  • Physical destruction of media and hardware
  • Degaussing
  • Overwriting
  • Cryptoshredding

The training material I'm using states:

> In the cloud, many of these options are unavailable or not feasible. Because the cloud provider, not the data owner, owns the hardware, physical destruction is usually out of the question. Moreover, because of the difficulty of knowing the actual specific physical location(s) of the data at any given moment (or historically) it would be next to impossible to determine all the components and media that would need to be destroyed. Likewise, for that same reason, overwriting is not a practical means of sanitizing data in the cloud.
>
> That leaves cryptoshredding as the sole pragmatic option for data disposal in the cloud.

(emphasis mine).

I get the first paragraph but I'm confused on how cryptoshredding alone would help here. Is the assumption that the data would have always been encrypted at rest from the very beginning? If not, how would cryptoshredding help to remove remnants of data that was previously stored unencrypted?

Am I missing something here?

Anders
Mike B

1 Answer


Without the additional context of the rest of your training materials, it's hard to say for sure -- I don't think there's a textbook definition of "cryptoshredding". However, if we use the Wikipedia definition, we see:

> Crypto-shredding is the practice of 'deleting' data by deliberately deleting or overwriting the encryption keys.[1] This requires that the data have been encrypted.

Consequently, yes, this only works for data that is encrypted. Cryptoshredding would not work for unencrypted data as there's no key to destroy.

> Is the assumption that the data would have always been encrypted at rest from the very beginning?

Yes. This is a best practice for any sensitive data in a cloud service anyway. Your cloud provider can replace hard drives, have machines go down, maintain their own backup lifecycle, etc., all outside of your control.

> If not, how would cryptoshredding help to remove remnants of data that was previously stored unencrypted?

Data is not "previously stored" in my mind. It is stored, and you might make an encrypted copy of the data, but then you need to destroy the original -- and don't have cryptoshredding as an option, which leaves you with 0 options for cloud storage effective data destruction. This is back to the idea of storing it encrypted from the get go.

David
  • I think it's important to point out that you also have to design your services so the keys for your data are only ever stored in memory. Which even then might not be enough. Automatic service migration by necessity involves taking a memory image of a process. And memory is imaged to swap all the time. – Omnifarious Mar 23 '18 at 17:45
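The point made in the question and answer above, as an added example that is not part of the original posts: a record encrypted from its first write becomes unreadable once its key is destroyed, even though every provider-side copy survives, while a copy uploaded unencrypted is unaffected. The `TenantStore` class, record names and sample data are constructed for illustration, and the cipher is a standard-library stand-in (HMAC-SHA256 in counter mode), not a recommendation.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stdlib stand-in for a real cipher (HMAC-SHA256 in counter mode);
    # production code would use an AEAD such as AES-GCM from a vetted library.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class TenantStore:  # hypothetical model of customer-held keys plus provider-held storage
    def __init__(self):
        self.keys = {}            # record id -> data key, held by the customer
        self.provider_media = []  # every byte string the provider ever wrote (replicas, backups)

    def put(self, rid, plaintext, encrypt=True):
        blob = seal(self.keys.setdefault(rid, secrets.token_bytes(32)), plaintext) if encrypt else plaintext
        self.provider_media.append(blob)
        return blob

    def get(self, rid, blob):
        return unseal(self.keys[rid], blob)  # KeyError once the key is shredded

    def shred(self, rid):
        self.keys.pop(rid, None)  # the only disposal step the customer controls

def demo():
    secret = b"constructed sample record: account 0000-1111"
    store = TenantStore()
    store.put("legacy", secret, encrypt=False)  # uploaded before encryption was enabled
    blob = store.put("rec1", secret)            # encrypted from the first write
    readable_before = store.get("rec1", blob) == secret
    store.shred("rec1"); store.shred("legacy")
    try:
        store.get("rec1", blob); readable_after = True
    except KeyError:
        readable_after = False
    exposed = sum(secret in m for m in store.provider_media)  # copies still showing plaintext
    return readable_before, readable_after, len(store.provider_media), exposed
```

Here the key sits in an in-process dictionary; the comment above about keys reaching swap or migration images applies to any real key store.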