Ensure data wipe from disks


#1

HI,

Is there a way to ensure data wipe from the disks to meet some regulation requirements.

For example after we delete a bin?


#2

When you delete a bin its removed from the index. At some point later, it will get defragmented and overwritten. There is no way to fully “purge” the data off the disk during a deletion operation. Would encryption at REST fit your requirement?


#3

This is what the encryption at rest enterprise feature is for. It satisfies this kind of regulation requirement.


#4

copy cat…


#5

Almost copy cat :slight_smile: … --> EE feature only. CE users can encrypt their data at the client level in the bin on their own, decrypt back on read, store as BLOBs. Achieves similar compliance.


#6

Thanks for your input. Can you advise if the following alternative scenario achieves the needed data wipe requirement: NameSpace

            SET

                  Record

                            BIN

Inside the bin, we store a Map of String Key to Integer Value, The string is 3 – 5 characters length.

To physically wipe the data, we are proposing to overwrite the map with another map of same size and same schema (i.e. String to Integer). In addition, we will overwrite the Map string Keys with new dummy Keys of same length.

We need to know if this technique guarantees overwriting the old bin data in-place without the need to copy the new data to a new file location whiling maintaining the old data on disk.


#7

This will not work, Aerospike always writes to new write-block-size blocks.