by Unroasted6154 459 days ago
It's possible with crypto shredding. You store everything encrypted with one key per customer. When you want to delete you erase the key. The data becomes unusable everywhere (backups included). Then a job periodically garbage collects data without a key, but that's more for cost saving.

Big companies do this but it requires some technical maturity. If you operate in Europe you have to implement proper data deletion. I would be more worried about small companies than large ones, to be honest.


You still have to back up those keys somewhere... and if you don't do it the same way as for the data then your backups are effectively worthless.
Much less data to back up so it can be stored in a way that is replicated for redundancy but still mutable. Separating the key and data is what allows for sending data to tape backup etc.
If your (backup-via-redundancy) keys are mutable, you do not have a backup. What happens in the case of a ransomware attack, for example?

You've also added (possibly substantial) latency to every single operation that operates on user data.

The specifics of how the keys are backed against different failure modes/attacks are orthogonal to the splitting of data/key.

Yes you would need to carefully design the system that allows deletion of keys while minimizing chances of data loss, but it can be done, and it's going to be cheaper and less complex to do so on a tiny subset of the data.

Latency considerations are also down to design, it's not a given that there will be significant overhead imposed.

One simple way is to keep only a few days / weeks of (immutable) key backups. You can always stop the deletion if you have a big issue. If the law says you have 14 days to delete all data, you keep only that many backups.
Yea was going to say this. I would be surprised if any major company does this for normal uses.
That's how GAFAM-size companies do it. They need to comply with European regulations for data deletion, and there are very few other options.
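The scheme discussed in this thread (one key per customer, ciphertext-only data backups, and immutable key backups kept for a limited window), as an added example that is not code from any commenter. The `Store` class, the helper names and the sample records are hypothetical, the 14-day window is the figure used in the thread, and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):  # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD
    mac = lambda i: hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return b"".join(mac(i) for i in range(n // 32 + 1))[:n]

def seal(key, pt):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Store:
    def __init__(self, key_backup_days=14):
        self.keys, self.data, self.days = {}, {}, key_backup_days  # live keys; live ciphertext
        self.key_backups, self.tape = [], []   # short-lived key snapshots; long-lived data backups

    def put(self, rid, customer, pt):
        key = self.keys.setdefault(customer, secrets.token_bytes(32))
        self.data[rid] = (customer, seal(key, pt))

    def nightly(self, day):
        self.tape.append(dict(self.data))      # ciphertext only, never keys
        kept = [(d, s) for d, s in self.key_backups if day - d < self.days]
        self.key_backups = kept + [(day, dict(self.keys))]

    def find_key(self, customer):  # live store first, then snapshots still in the window
        snaps = [self.keys] + [s for _, s in self.key_backups]
        return next((s[customer] for s in snaps if customer in s), None)

    def gc(self):  # cost-saving sweep: drop live ciphertext whose key is gone
        self.data = {r: v for r, v in self.data.items() if v[0] in self.keys}

def demo():
    s = Store()
    s.put("r1", "alice", b"alice's address")   # constructed sample records
    s.put("r2", "bob", b"bob's address")
    s.nightly(0)
    del s.keys["alice"]                        # the shred: erase one customer's key
    undo_ok = s.find_key("alice") is not None  # day-0 key snapshot can still restore it
    for day in range(1, 15):
        s.nightly(day)
    s.gc()
    return undo_ok, s.find_key("alice"), s.tape[0], s.find_key("bob"), sorted(s.data)
```

The deletion becomes final only when the last key snapshot containing the erased key ages out; the ciphertext on the data backup is still there afterwards but can no longer be opened.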