DATA DESTRUCTION
CONTINUED
and, crucially, auditable. You ensure data destruction not by physically witnessing it, but by having a clear and traceable workflow where deletion policies are enforced and backed by verifiable logs. If you can't evidence that data has been destroyed, then from a compliance standpoint, it effectively still exists."

Guillaume agrees that in the cloud, it becomes a matter of governance, control and verifiable process. "In SaaS environments especially, organisations rarely control the underlying infrastructure, which means they cannot independently verify physical deletion," he says. "Instead, they must rely on contractual guarantees, documented retention policies and independently audited controls. Certifications such as ISO 27001, SOC 2 and similar frameworks create accountability by requiring providers to follow defined data lifecycle and deletion practices.

"Effective cloud data destruction therefore becomes a trust model backed by compliance, transparency and auditability. Organisations should prioritise vendors that clearly define retention periods, deletion timelines, backup handling and data remanence policies, and are willing to document those commitments."

Mark says provider-level data sanitisation controls on platforms like AWS, Azure and GCP mean that customers cannot overwrite or destroy physical disks themselves. "These controls are designed to make deleted data irrecoverable across distributed, replicated storage systems," he adds.

Effective destruction

This means that certain steps must be taken to ensure data is properly destroyed. "In the cloud, the most effective approach is to make data irrecoverable, rather than simply deleting it," says Justin. "One of the strongest methods of doing that is cryptographic erasure, or crypto-shredding. Instead of trying to overwrite data in the cloud, you destroy the encryption keys tied to that data. Without the key, the data becomes mathematically unreadable.

"Alongside that, organisations should operate with a 'delete-by-default' mindset, rather than retaining data indefinitely. Good data destruction policy should have automated retention and 'hard delete' policies within platforms like Microsoft 365 and Azure; strong lifecycle management across backups and archives; and a zero trust approach to data lifecycle, where data is assumed to be at risk and removed once it no longer has legal or business value."

Mark agrees: "The strongest and most widely accepted method that I see and hear from our partner community is to encrypt data at rest and then destroy the encryption keys," he says. "Once those keys are revoked or deleted, the data becomes unreadable instantly. This approach is recognised by global standards bodies and is used by major cloud providers as a primary sanitisation mechanism."

Guillaume adds that for organisations with very strict data governance requirements, relying solely on a provider's certifications may not be sufficient. "In those cases, the most effective approach is to avoid giving the provider direct access to data in the first place," he says. "This means favouring architectures where you control the storage layer yourself, for example, using infrastructure platforms such as Azure or AWS, and ensuring that data is only transmitted and stored in an encrypted form using keys that you manage.

"By retaining control of the encryption keys, you effectively remove the provider from the data lifecycle. Even if copies persist within the provider's infrastructure, destroying the keys renders the data unreadable and allows you to maintain control over its end-of-life."

But this approach is easier said than
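The crypto-shredding model the three contributors describe (data encrypted at rest under keys the customer controls; copies the provider keeps become unreadable the moment the key is destroyed) as an added worked example that is not from the article or from any vendor named in it. It uses only the Python standard library: the cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag, standing in for AES-GCM under a KMS- or HSM-held key, and the KeyVault, CloudStore and object names are hypothetical. The example contrasts a plain hard delete, which leaves a provider backup readable, with per-object and tenant-level key destruction.

```python
from __future__ import annotations

import copy
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


class KeyDestroyed(Exception):
    """Raised when the key needed to read an object no longer exists."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separated subkeys so the keystream and the tag never share a key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (a PRF); demo stand-in for AES-GCM.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyVault:
    """Hypothetical customer-managed key store (stands in for a KMS/HSM).
    It is deliberately NOT part of the provider's storage backups."""

    def __init__(self) -> None:
        self.kek = secrets.token_bytes(32)  # tenant key-encryption key
        self.wrapped_deks = {}              # object id -> data key wrapped under the KEK

    def new_dek(self, object_id: str) -> bytes:
        if self.kek is None:
            raise KeyDestroyed("tenant key destroyed")
        dek = secrets.token_bytes(32)
        self.wrapped_deks[object_id] = encrypt(self.kek, dek)
        return dek

    def get_dek(self, object_id: str) -> bytes:
        if self.kek is None or object_id not in self.wrapped_deks:
            raise KeyDestroyed(object_id)
        return decrypt(self.kek, self.wrapped_deks[object_id])

    def shred_object(self, object_id: str) -> None:
        self.wrapped_deks.pop(object_id, None)  # per-object cryptographic erasure

    def shred_tenant(self) -> None:
        self.kek = None                         # every wrapped DEK is now unrecoverable
        self.wrapped_deks.clear()


class CloudStore:
    """Hypothetical provider-side object store: holds ciphertext only, and the
    provider may replicate or back it up in ways the customer cannot purge."""

    def __init__(self, vault: KeyVault) -> None:
        self.vault = vault
        self.objects = {}

    def put(self, object_id: str, plaintext: bytes) -> None:
        self.objects[object_id] = encrypt(self.vault.new_dek(object_id), plaintext)

    def get(self, object_id: str, copy_of_store: dict | None = None) -> bytes:
        # Reads from the live store or from any persisted copy (backup, replica, snapshot).
        source = self.objects if copy_of_store is None else copy_of_store
        return decrypt(self.vault.get_dek(object_id), source[object_id])

    def hard_delete(self, object_id: str) -> None:
        self.objects.pop(object_id, None)       # removes only the primary copy

    def snapshot(self) -> dict:
        return copy.deepcopy(self.objects)      # models a provider backup


def demo() -> dict:
    """Delete vs. crypto-shred on constructed sample data; reports what stayed readable."""
    payroll = b"constructed sample record: Alice,42000"   # constructed, not real data
    contract = b"constructed sample record: contract text"
    vault = KeyVault()
    store = CloudStore(vault)
    store.put("hr/payroll-2023.csv", payroll)
    store.put("hr/contract.pdf", contract)
    backup = store.snapshot()                  # a copy now persists inside the provider

    def readable(object_id: str, source: dict | None = None) -> bool:
        try:
            store.get(object_id, source)
            return True
        except (KeyDestroyed, KeyError):
            return False

    result = {}
    store.hard_delete("hr/payroll-2023.csv")
    result["primary_readable_after_delete"] = readable("hr/payroll-2023.csv")
    result["backup_readable_after_delete"] = readable("hr/payroll-2023.csv", backup)
    vault.shred_object("hr/payroll-2023.csv")
    result["backup_readable_after_shred"] = readable("hr/payroll-2023.csv", backup)
    result["other_object_unaffected"] = store.get("hr/contract.pdf") == contract
    vault.shred_tenant()
    result["any_readable_after_tenant_shred"] = (
        readable("hr/contract.pdf") or readable("hr/contract.pdf", backup)
    )
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two design points carry over to a real deployment. The key store must not be replicated into the same backups as the ciphertext, or the "copy that persists" carries its own key and nothing has been erased. And because the article's first point is auditability, the shred_object and shred_tenant operations are the events to log and retain (who destroyed which key, when, under which retention rule); the ciphertext deletion itself is no longer the evidence that matters.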