As well as making sure that stuff that should be backed up is, I've also come across the issue of making sure that stuff that should be deleted is. Complying with the data protection act (properly) is one reason, but another is destroying confidential information that's been used for a project but which is no longer needed. Over xmas 2005 I thought I'd lost a USB flash drive which I thought contained sensitive files. In the end it turned out to be locked in my desk drawer with all the confidential stuff wiped just as it should be. Work goes for an information retention policy ("back it up, keep it safe and destroy it after a certain period of time if it's no longer needed") rather than a backup policy. As one of our databases is 12 TB in size, it has to be managed so we don't run out of space.
Yes, guaranteeing deletion can be important but also quite hard.
In our line of business our customers sometimes want to delete HSM-protected keys. This is potentially quite difficult given that the encrypted key blobs may be on any number of backup media, old hard disks, etc.
They can erase the smartcards that protected the keys, provided they chose that protection option when they generated them and they still have the smartcards, and provided they chose unrecoverable keys; having done so the keys will no longer be available.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Date: 2007-01-26 12:20 am (UTC)(no subject)
Date: 2007-01-26 10:41 am (UTC)Yes, guaranteeing deletion can be important but also quite hard.
In our line of business our customers sometimes want to delete HSM-protected keys. This is potentially quite difficult given that the encrypted key blobs may be on any number of backup media, old hard disks, etc.
They can erase the smartcards that protected the keys, provided they chose that protection option when they generated them and they still have the smartcards, and provided they chose unrecoverable keys; having done so the keys will no longer be available.