Credit: shawnrossouw via Pixabay
The internet never forgets, which means data that should have been deleted doesn't always stay deleted. Call it "zombie data," and unless your organization has a complete understanding of how your cloud providers handle file deletion requests, it can come back to haunt you.
Ever since the PC revolution, the concept of data deletion has been a bit misunderstood. After all, dragging a file to the Recycle Bin simply removed the pointer to the file, freeing up disk space to write new data. Until then, the original data remained on the disk, rediscoverable using readily accessible data recovery tools. Even when new data was written to that disk space, parts of the file often lingered, and the original file could be reconstructed from the fragments.
Desktop—and mobile—users still believe that deleting a file means the file is permanently erased, but that's not always the case. That perception gap is even more problematic when it comes to data in the cloud.
Cloud service providers have to juggle retention rules, backup policies, and user preferences to make sure that when a user deletes a file in the cloud, it actually gets removed from all servers. If your organization is storing or considering storing data in the cloud, you must research your service provider's data deletion policy to determine whether it's sufficient for your needs. Otherwise, you'll be on the hook if a data breach exposes your files to a third party or stuck in a regulatory nightmare because data wasn't disposed of properly.
With the European Union General Data Protection Regulation expected to go into effect May 2018, any company doing business in Europe or with European citizens will have to make sure they comply with rules for removing personal data from their systems—including the cloud—or face hefty fines.
Data deletion challenges in the cloud
Deleting data in the cloud differs vastly from deleting data on a PC or smartphone. The cloud's redundancy and availability model ensures there are multiple copies of any given file at any given time, and each must be removed for the file to be truly deleted from the cloud. When a user deletes a file from a cloud account, the expectation is that all these copies are gone, but that really isn't the case.
Consider the following scenario: A user with a cloud storage account accesses files from her laptop, smartphone, and tablet. The files are stored locally on her laptop, and every change is automatically synced to the cloud copy so that all her other devices can access the most up-to-date version of the file. Depending on the cloud service, previous file versions may also be stored. Since the provider wants to make sure the files are always available for all devices at all times, copies of the file live across different servers in multiple datacenters. Each of those servers are backed up regularly in case of a disaster. That single file now has many copies.
Sign up for Computerworld eNewsletters.