Where we work, the physical disk(s) must be sanitized. Currently, there is no good way to only sanitize a specific data location on any disk in a local Commvault disk library. Yes, there’s the CVDisk Eraser Tool, but that is only good for a whole volume or mount point.
There are tools like BCWipe, but for that to target a specific data location - you need to know the data’s location. Commvault doesn’t easily give up where it stores data for say, a single laptop agent’s backups. When I inquired about this with support, they said it would be non-trivial to determine. Plus then even if you did, there’s no way to gracefully wipe only the folder/data locations without dirtying the database(s), since you’d have to leave the folders there to eradicate with your sanitization tool *before* trying to remove it from the command center/java console.
I suggested a CMR to dev, that would offer the ability to sanitize a single laptop agent’s specific data location(s), on deletion, with something like “you are about to delete system X - would you also like to sanitize the disk sectors that contained the data? Pick your sanitization protocol.” But they said there have only been about 30 tickets since the birth of Commvault regarding issues with secure disk sanitization.
The only other thing I can think of from a risk mgmt perspective is for us to build different disk libraries for every department, so that if there’s a spill, we only have to nuke the backups for a single department, instead of the entire storage pool that currently contains all the departments across multiple libraries.
Any other ideas?
Thanks! : )
What does your secured on-prem facility do if there's a classified spill?