My company takes data retention and compliance very seriously. We have developers storing various types of data in AWS—like S3, RDS, Redis, and EC2 instances. I'm wondering how we can really confirm that data is permanently deleted. When I destroy an EC2 instance and flush the associated database, I know the data is technically still there until it's overwritten. In the past, we used to degauss hard drives for complete data destruction. What are some best practices for handling this in AWS?
3 Answers
You should check the AWS documentation, particularly the shared responsibility model or security guides. AWS states that once you delete data, it’s gone. While there’s a level of trust required, you have to consider the security of your EC2 instances, encryption keys, and other factors. You might have doubts about data integrity, but once deleted, AWS handles it.
Well, they’re definitely doing it better than a lot of us out there. For instance, all data on EBS volumes is encrypted with temporary keys, ensuring that even if a disk is stolen, the data is protected and useless to anyone who doesn’t have the keys.
You can navigate to AWS Artifact to download compliance reports where AWS indicates their adherence to various regulatory standards, confirming data deletion. Just a heads up—don’t try to explain this process like it’s a traditional data center; your auditor might want a tour of the AWS regions!
Thanks! I appreciate it. I was just wondering if there are compliance documents or dashboards related to this. Cheers!
A tour sounds fun! I’m sure AWS will let us!
They better be doing it better than I am! I’m just a sales guy; if it were up to me, we’d all be in hot water.