
What does your secured on-prem facility do if there's a classified spill?



Where we work, the physical disk(s) must be sanitized. Currently, there is no good way to only sanitize a specific data location on any disk in a local Commvault disk library. Yes, there’s the CVDisk Eraser Tool, but that is only good for a whole volume or mount point. 

There are tools like BCWipe, but for that to target a specific data location - you need to know the data’s location. Commvault doesn’t easily give up where it stores data for say, a single laptop agent’s backups. When I inquired about this with support, they said it would be non-trivial to determine. Plus then even if you did, there’s no way to gracefully wipe only the folder/data locations without dirtying the database(s), since you’d have to leave the folders there to eradicate with your sanitization tool *before* trying to remove it from the command center/java console.

I suggested a CMR to dev, that would offer the ability to sanitize a single laptop agent’s specific data location(s), on deletion, with something like “you are about to delete system X - would you also like to sanitize the disk sectors that contained the data? Pick your sanitization protocol.” But they said there have only been about 30 tickets since the birth of Commvault regarding issues with secure disk sanitization. 

The only other thing I can think of from a risk mgmt perspective is for us to build different disk libraries for every department, so that if there’s a spill, we only have to nuke the backups for a single department, instead of the entire storage pool that currently contains all the departments across multiple libraries.

Any other ideas?

Thanks! : ) 

4 replies

Erase4ndReuseMedia
Byte

Where physical destruction is a requirement, a common approach is to backup to tape. In the event of a data spill, you would surrender the associated media to the appropriate section for secure storage (useful where other data on the tape(s) may be required for recovery purposes), or for sanitization / destruction. 

That is made significantly harder with incremental forever agents, though.


  • Author
  • Bit
  • 1 reply
  • August 28, 2024

Thanks. In the scenario I’m presenting tho, assuming we *don’t* have to physically destroy the disks - I’m talking about trying to minimize the amount of data we must erase. We do fulls + tons of regular incrementals + synth fulls every few weeks. If we theoretically did aux copies to tape? I guess we’d still have those backups to try and pull if needed? And then after erasing the entire disk library(s) of data, we could start new again?


Erase4ndReuseMedia
Byte

The approach I mentioned would also apply where sanitization is a requirement. Leveraging auxiliary copies to tape could achieve the same outcome, as long as your environment can sustain re-baselining each time a spill is encountered.


Michael Woodward
Commvault Certified Expert
  • 79 replies
  • August 30, 2024

In the past where I’ve been involved in having to erase data that was backed up when it shouldn’t have been, we used the Delete Backup Data feature.

This effectively deletes any references to the backups from the Commvault indexes / databases and renders the data unrestorable. 

More info in doco here: https://documentation.commvault.com/2023e/expert/delete_backup_data_and_archive_data.html

May not meet your requirement for sanitising the disk location - but as data is probably deduplicated it’s not really readable anyway.

