Confidently erase data in active environments and from used IT assets.
Boost services throughout the device lifecycle—from first sale to end-of-life.
Expedite processes, recover more marketable product, and increase services.
Home » Resources » Blancco Virtual Machine Eraser
Enhance VMware ESXi Security by Removing Data without a Trace
With high-profile data breaches continuing to make headlines and attackers becoming more sophisticated, experts agree that companies should no longer ask if they will be breached, but rather when. Multi-layer security is a critical component of every IT environment, and part of a robust security posture is anticipating successful attacks and limiting the damage they will cause. This is equally true when you choose a public cloud provider.
When data is no longer needed, it must not only be deleted, but erased completely so it can no longer be retrieved. The software-based method of securely overwriting data from any data storage device using zeros and ones onto all sectors of the device. By overwriting the data on the storage device, the data is rendered unrecoverable and achieves data sanitization. Blancco is the industry leader in data erasure, with a comprehensive set of solutions for use throughout the enterprise.
Virtual environments raise special challenges for fully eliminating deleted data. When a virtual machine (VM) is shut down, other VMs continue to operate on the same hardware. Data erasure must be completed in an active environment where production workloads are executing. All relevant files must be destroyed, in every location where the VM has been migrated during operation, and a complete audit trail must be provided to prove the data is permanently sanitized to meet regulatory requirements.
Blancco Virtual Machine software is purpose-built to apply Blancco’s advanced data erasure capabilities to the specific needs of virtualized environments. The solution’s flexible, robust approach is illustrated in Figure 1.
The process starts with data erasure functionality being called through a customer portal or VMware virtualization software to target a specific VM. All files associated with that VM are identified and securely erased, wherever they reside. These include VM hard disk files, configuration files, snapshots, etc. Erasure reports are generated to support audit and regulatory requirements, with flexible format and security options.
Implementing Blancco Virtual Machine Eraser provides the peace of mind that comes with using an industry leading, enterprise-class solution. As a complement to other data protection regimes and the robust security offered by VMware virtualization, Blancco software helps protect secure data erasure best practices throughout the environment.
Part of the value that Blancco Virtual Machine Eraser offers is its full integration, not only with VMware virtualization, but also with the rest of Blancco’s product offerings. Because the product family also includes tools that specifically target local and network-attached storage, mobile devices, removable media and more, customers can create a data erasure protocol that spans the entire enterprise, supported by centralized management and reporting.
Customers all over the world look to Blancco for the most rigorous assurances available of highest confidence data erasure. Blancco solutions have been tested, certified, approved, and recommended by 18 governing bodies globally. No other provider can offer its customers this level of compliance with worldwide regulations.
Centralized reporting through Blancco Management Console is a core part of operations based on Blancco Virtual Machine Eraser. This capability supports adhering to data protection policies, whether for internal audit or compliance with regulatory statutes such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), and the European Union’s Data Protection Directive.
Digitally signed, tamper-resistant reports can be generated in PDF format for easy viewing or as XML files for machine-to-machine communication, such as in governance, risk, and compliance (GRC) platforms. Reports can be configured with custom fields if needed, in addition to standard information such as a timestamp and the names of the VM, datastore and all erased files.
As an alternative to data erasure through complete destruction, some organizations have instead merely destroyed the cryptographic keys that guard access to sensitive data. In theory, this approach should render access impossible, because the decryption algorithm cannot function without the private key. In practice, however, crypto-erasure cannot offer complete protection.
Specifically, if the algorithm itself or its implementation is defeated, unauthorized access to data may be possible. For example, the Heartbleed bug unexpectedly opened a backdoor to the widely used OpenSSL cryptography scheme, and future technology developments may one day defeat today’s encryption methods. Securely erasing VM data using Blancco Virtual Machine Eraser makes it impossible for attackers to reach it, no matter how hard they try.
To meet a variety of needs, Blancco Virtual Machine Eraser can be integrated into VMware virtualization environments in a number of ways, as shown below. Regardless of which approach is used, all files associated with the targeted VMs (including the VMDK, VMSD, VMX, and VMXF file types) are erased, securely and completely.
Blancco Virtual Machine Eraser permanently and irreversibly destroys all data associated with VMs when it is no longer needed. It is a vital component to in-house environments and a requirement when choosing a public cloud provider, to meet compliance requirements, keep data from would-be attackers and protect the business as a whole.
See how easily you erase your business data to achieve compliance.