Data storage has been taken to a whole new level ever since cloud storage was developed. Cloud storage is especially useful for data that must be shared among multiple users or multiple devices. for all its convenience, the cloud also adds a new complexity to the old security challenge of making sure that deleted data is actually erased. Unless you understand how your cloud provider handles data removal, seemingly deleted files can linger on as “zombie cloud data”, invisible to the user, but still potentially subject to theft or accidental exposure.

Zombie cloud data problem is a variation on a subtle security challenge that is as old as the personal computing era. Deleting a file from local storage removes it from the user’s list of files. Although it seems to be gone, normal deletion does not physically erase the data from a storage device; it merely removes the directory entry, telling the operating system that the disk space is available for reuse. This is why files can be “undeleted,” which is often a lifesaver for people who accidentally deleted their work.

Data storage and deletion in the cloud work in essentially the same way, but with few technical complications and one big institutional difference. The technical complications relate to the way cloud storage providers ensure that files are readily available when needed and safely backed up against mishaps. Both of these considerations mean that cloud data is normally stored redundantly on multiple servers. To ensure removal of the data, all of these stored copies must be erased. These technical considerations can also apply to data stored on-site by an organization.

In recently reported cases, data that an individual thought was deleted years ago resurfaced on major cloud services. The data reappeared after an attempted fix went awry. The provider was seeking to eliminate a bug that prevented full erasure of old files instead, the fix undeleted the files.
Working effectively with a cloud provider to ensure full disposal of cloud data requires more than simply reviewing the provider’s terms of service. Customer and provider must also have a shared understanding of how bugs or other errors can be resolved. With studies showing that organizations also struggle with reliable disposal of disks and other on-site storage media, it is clear that zombie data, in the cloud or otherwise, continues to pose a security challenge that organizations need to address in a comprehensive way. If you like to read more, like and share this article and follow my Facebook page. Enjoy!