When we securely delete a volume in a machine which is installed in a virtual machine or Docker, for example by overwriting 7 times or more, we securely delete the data in the virtual disk (in the guest), and some related data on the real disk (in the host) may remain. Is it true? So, considering this, what should we do to securely delete the data both in the virtual disk and the related data on the real disk, to address the concerns of secure deletion? I read this: "How to secure delete inside a virtual machine?", but it's not my answer.
-
*"... but it's not my answer"* - from my understanding it clearly answers your question, both if virtual secure deletion in VM is sufficient (VM) and what you should do to ensure it (encryption at rest). To cite: *"A virtual machine __lacks the necessary knowledge and control over the underlying storage__ infrastructure to ensure secure deletion of data. ... Sensitive data should be protected with __encryption at rest__ or perhaps stored on a trusted storage service that can provide the required level of security."* – Steffen Ullrich Mar 17 '21 at 07:34
-
No. They suggest only encryption. But I'm looking for more methods other than encryption, or at least a full explanation about encryption. – alex Mar 17 '21 at 12:54
-
Fundamentally what you're asking is, **"How do I securely delete a file?"**. The fact that the file is a virtual machine volume is irrelevant. There are a number of questions on the topic of securely wiping a file you can search for. It's complex and operating system dependent, which you didn't state. *In no case is overwriting 7 times useful.* – user10216038 Mar 17 '21 at 20:18
-
Unless you control all the infrastructure you are placing your trust in whoever does. Encryption raises the bar significantly but does not prevent someone with admin level privileges from accessing your data. – symcbean Mar 18 '21 at 01:09