Scrubbing Data a Concern in the Digital Ocean Cloud
What happens to cloud data after a virtual machine is destroyed? One cloud vendor reassesses its policy.
Security is often cited as a top concern for any organization looking to move to the cloud, and it's a concern that is top of mind this week at cloud hosting vendor Digital Ocean. Developer Jeffrey Paul first raised the issue of data security on Digital Ocean in a GitHub post earlier this week. Paul noted that Digital Ocean was not by default "scrubbing" user data from its hard drives after a virtual machine instance was deleted by a user. The scrubbing process securely removes any and all residual data that is resident on a drive. The risk of not scrubbing the drive is that another user could potentially get access to the data.
The issue only affected users of the Digital Ocean API (application programming interface) who were programmatically creating and destroying new virtual instances (referred to as "droplets" by Digital Ocean). On Dec. 30, Digital Ocean first publicly admitted that it was at fault and should have been scrubbing its drives for API users. Digital Ocean CEO Moisey Uretsky told eWEEK that his company has now defaulted to scrubbing its hard drives for both Web and API virtual machine destroy requests.
Digital Ocean had been aware of the issue earlier in 2013 and at one point was scrubbing all of its drives after every virtual machine destroy request. However, as Digital Ocean's utilization went up, the company found that the scrubbing activity was degrading performance and decided to make it an option that API users needed to manually activate.