Dave Finds

How to Wipe a Microsoft Azure Virtual Disk Securely?

Importance of secure wipe for the hard disk

When you delete a file or folder on your computer by selecting the delete option, the file disappears from your drive, but it isn't actually removed from the hard drive. The data is still located on the disk; only the reference to it is removed from the allocation table, so you can no longer find it.

Every company has its own set of procedures for wiping data from its hard disks. Software such as DBAN helps achieve this goal. The process is simple for a physical disk, but what about a virtual disk, where you do not have access to the hard disk on which your data is hosted? If you are using a cloud storage provider to host your data, you will eventually come to a situation where you need to securely remove the data from that provider, for various reasons.

How most cloud storage providers handle your data

Most cloud storage providers run a multi-tenant service, which means that multiple customers' data is stored on the same physical hardware, with each customer's data segregated from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another's data.

In this article, we will discuss wiping a virtual drive from Microsoft Azure storage.

For Azure it is very simple. I was in a situation where I had to delete a 2TB virtual disk, attached to a virtual machine, that held confidential data. I was worried about leaving any trace of my data.

Azure encrypts all storage accounts by default.

image

As the image above shows, Microsoft Azure by default encrypts every storage account in the subscription and manages the encryption with Microsoft-managed keys. The encryption keys are associated with your account, and only you can access the managed key in your Microsoft Azure portal. If you wish, you can change the Microsoft-managed keys to your own preferred keys.
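To confirm the encryption setting described above before deleting a disk, the following added example (not part of the original post) reads storage account JSON and reports who manages the key. It assumes the disk is a VHD kept in a storage account; the sample data is constructed to match the shape of `az storage account list` output, and the account names and vault URI are made up.

```python
import json

# Constructed sample, shaped like the JSON printed by `az storage account list`.
# Account names and the vault URI are made up for this example.
SAMPLE = json.loads("""
[
  {"name": "examplevhdstore",
   "encryption": {"keySource": "Microsoft.Storage",
                  "services": {"blob": {"enabled": true}, "file": {"enabled": true}}}},
  {"name": "examplecmkstore",
   "encryption": {"keySource": "Microsoft.Keyvault",
                  "keyVaultProperties": {"keyVaultUri": "https://example-vault.vault.azure.net",
                                         "keyName": "example-key"},
                  "services": {"blob": {"enabled": true}, "file": {"enabled": true}}}},
  {"name": "exampleincomplete", "encryption": null}
]
""")

# keySource values as they appear in the account's encryption settings.
KEY_OWNER = {
    "Microsoft.Storage": "Microsoft-managed key",
    "Microsoft.Keyvault": "customer-managed key",
}

def encryption_report(accounts):
    """Return one row per storage account: who manages the key, and whether
    the blob service (assumed here to hold the VHD) is encrypted at rest."""
    rows = []
    for acct in accounts:
        enc = acct.get("encryption") or {}
        services = enc.get("services") or {}
        blob_on = bool((services.get("blob") or {}).get("enabled"))
        owner = KEY_OWNER.get(enc.get("keySource"), "unknown")
        vault = (enc.get("keyVaultProperties") or {}).get("keyVaultUri")
        rows.append({
            "account": acct.get("name"),
            "key_owner": owner,
            "key_vault": vault,
            "blob_encrypted": blob_on,
            # Missing settings or an unknown key source need a manual look.
            "needs_review": not blob_on or owner == "unknown",
        })
    return rows

if __name__ == "__main__":
    for row in encryption_report(SAMPLE):
        print(row)
```

To run it against a real subscription, replace `SAMPLE` with the parsed output of `az storage account list`.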

Destruction process of data in Microsoft Azure

Microsoft is contractually required to perform this level of data destruction, and if data is compromised because of a failure to do so, Microsoft is responsible for paying you for the damages incurred. Azure performs the data destruction automatically and there is no control in the Azure UI to do it; however, you can contact Microsoft support to ask for a secure wipe of that data.

According to Microsoft Azure, when customers delete their data or leave the Azure subscription, Microsoft follows strict standards for overwriting storage resources before their reuse, as well as for the physical destruction of decommissioned hardware. If you have any critical data, Microsoft executes a complete deletion of data on customer request and on contract termination.

Conclusion:

So, as we have seen, it's not necessary to perform a secure wipe yourself when clearing data from Azure, whether you are planning to delete data or terminate your subscription. It is Microsoft's responsibility to keep your data safe and secure.