Data Centers: Include Data Erasure in Your Disaster Recovery Plans

Apr 27, 2017 Technical Article

Data copies used for disaster recovery operations—whether for testing or in an actual emergency—must be securely erased beyond recoverability when they are no longer needed.

In disaster recovery planning, the big story is how to get operations up and running again quickly after a major adverse event.

Just as in any data center planning activity, data protection must extend beyond guarding against accidental data loss. Security requirements are just as complex and multi-layered in disaster recovery plans as for production systems. Moreover, they have the same requirements as in the primary production environment, in terms of protecting companies and their customers, as well as meeting regulatory requirements.

This is especially true in the highly-regulated financial services industry. And erasing data, when it is no longer needed, is a critical part of protecting it from unauthorized access.

How Does Data Erasure Fit into Your Disaster Recovery Plan?

Most data center operators are keenly aware of the need to do more than simply delete data at the end of its lifecycle. Standards are commonly in place to sanitize data beyond the ability of forensic means to retrieve it. However, it is also not uncommon for people to depend on the physical destruction of old drives alone, or stockpile them in a lights-out room or other secure location. And while physical destruction is generally effective, there are other ways to securely remove data that don’t harm the environment or require items to leave your facility. Data erasure is an option that can be used by itself or added as an additional, environmentally-friendly step on top of physical destruction to ensure complete data removal.

Moreover, regular testing of disaster recovery plans requires comprehensive data sets to be staged at the disaster recovery site, and few data center operators are willing to take large numbers of new drives permanently out of service after such brief use. Data erasure allows these drives to be erased and reused, while physical destruction doesn’t.

Software-based data erasure is the basis for best practices to completely remove sensitive data from disaster recovery storage devices. Thorough planning of the scope and methods for doing so is essential to the broader process of disaster recovery planning.

What Data and Processes Must Be Addressed?

The first step to building data erasure into a disaster recovery plan is to define what data must be erased and when. All sensitive information must be identified as targets for sanitization, and each of these datasets must have a defined lifespan, after which it must be destroyed.

The implications of testing, as well as bringing recovery sites online and shutting them down again, must be accommodated in this planning, with a comprehensive set of timelines, methods and tools identified in advance.

Standards and procedures must align with the rest of the data center environment and with any third parties involved, including disaster recovery vendors, cloud service providers, etc. That complexity makes testing of data erasure methods an important part of the broader task of disaster recovery testing.

Six Best Practices for Secure Erasure in Disaster Recovery

Because disaster recovery planning must address data protection throughout the lifecycle, standards and procedures for data erasure are an integral requirement. The following guidance provides a framework for key considerations in this area. These best practices can be used as a starting point for the planning process.

  1. Specifically address diverse data types. In addition to handling both test and production data, policies should include active data erasure for all data types involved with disaster recovery operations, currently and in the foreseeable future. These may range from discrete files, to virtual machines, to logical unit numbers (LUNs).
  2. Verify data erasure processes for different storage media. Different considerations apply for conventional hard disk drives, solid state drives, magnetic tape and other media. Your data erasure method should be capable of erasing all relevant media to specified algorithms.
  3. Choose tools and measures that facilitate regulatory compliance. Vendor solutions should be certified by relevant governing bodies in all jurisdictions where the company does business.
  4. Automate processes wherever possible. Building automation into data erasure processes reduces the human involvement needed, lowering resource costs as well as the potential for error. Interoperability with existing network policy systems such as Microsoft Active Directory may be desirable.
  5. Consider the role of data erasure as a service. Especially if some or all disaster recovery is done using public cloud resources, it is vital to set, confirm and document expectations for how cloud service providers will erase your data and what certifications they will provide for your internal audit and compliance requirements.
  6. Provide an audit trail. Reporting on the success of data erasure following disaster recovery testing or an actual disaster is typically necessary for both internal audit and regulatory compliance. Data erasure mechanisms should provide digital certificates and communicate directly with centralized governance, risk and compliance (GRC) systems, as well as providing certified and tamper-proof reports.
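Items 2 and 6 call for verifying that media were actually overwritten and for a tamper-proof record of the result. As an added example (not code from the original article), this Python sketch reads an image back, confirms every byte matches the sanitization pattern, and signs the outcome with an HMAC key; the device names, sample images, pattern and key are constructed placeholders.

```python
import hashlib
import hmac
import io
import json
import time

# Constructed sample "media": a 4 KiB zero-filled image and one with a
# single stray byte. In practice src would be the device read back after
# the overwrite pass, not an in-memory buffer.
def clean_sample():
    return io.BytesIO(b"\x00" * 4096)

def dirty_sample():
    return io.BytesIO(b"\x00" * 100 + b"\x41" + b"\x00" * 99)

def verify_overwrite(src, pattern=b"\x00", chunk_size=1 << 20):
    """Read src to the end and check every byte equals the one-byte
    sanitization pattern. Returns (ok, bytes_checked, first_mismatch)."""
    assert len(pattern) == 1, "single-byte pattern expected"
    expected = pattern * chunk_size
    offset = 0
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            return True, offset, None
        if chunk != expected[:len(chunk)]:
            bad = next(i for i, b in enumerate(chunk) if b != pattern[0])
            return False, offset + len(chunk), offset + bad
        offset += len(chunk)

def erasure_record(device_id, result, signing_key):
    """Build an audit record for the verification result and sign it."""
    ok, checked, bad = result
    body = {"device": device_id, "verified": ok, "bytes_checked": checked,
            "first_mismatch": bad, "timestamp": int(time.time())}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    return {"record": body, "hmac_sha256": sig}

def record_is_authentic(record, signing_key):
    """Recompute the HMAC; any edit to the record after signing fails."""
    payload = json.dumps(record["record"], sort_keys=True).encode()
    expected = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["hmac_sha256"])

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder; use a managed key in practice
    for name, sample in (("dr-disk-01", clean_sample), ("dr-disk-02", dirty_sample)):
        print(json.dumps(erasure_record(name, verify_overwrite(sample()), key), indent=1))
```

The signed record is what a GRC system or auditor can check later; a record whose fields were altered after signing no longer validates.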

Including a comprehensive data erasure approach is a critical part of planning for disaster recovery. Using the right tools and procedures for data erasure provides data center operators with confidence that all copies of sensitive data made as part of disaster recovery operations are sanitized when they are no longer needed.

This capability helps guard against security breaches associated with that data falling into the wrong hands and simplifies efforts to comply with regulatory requirements.
