Fernandes, et. al 2014 (†717)Fernandes, Diogo A. B., Liliana F. B. Soares, Joao V. Gomes, Mario M. Freire, and Pedro R. M. Inacio. "Security Issues in Cloud Environments: a Survey" International Journal of Information Security 13:2 (April 2014), p.113-170.
- media sanitization (p.131-132): Sanitization is the process of cleaning or removing certain pieces of data from a resource after it becomes available for other parties. For example, deleting data has been a concern in distributed systems for a while now, to which monitoring, marking and tracking mechanisms have been employed for data discovery. Data sanitization is an important task in order to properly dispose of data and physical resources that are sent to the garbage. For instance, Google has destruction policies to physically wreck hard drives. However, deficient implementation of data destruction policies at the end of a lifecycle, may result in data loss and data disclosure, because hard disks might be discarded without being completely wiped or might not be wrecked at all because other tenants might still be using them. Hence, one can say media sanitization is hard or impossible due to resource pooling and elasticity in cloud environments. Since pooling and elasticity entail that resources allocated to one user will be reallocated to a different user at a later time, it might be possible for subsequent tenants to read data previously written. In fact, the media recently reported a case related with sanitization. Basically, cloud recycling, as it was termed, consists in reusing a cloud instance previously used by another customer. What was strange in the case was that of the instance being exposed to massive amounts of network traffic right after being lit up. It should have been zero. After the new customer investigated, it was found that an Internet Protocol (IP) address was maybe cached and that it belonged to an ad company that perhaps did not realized that IP was still part of their live infrastructure. The instance was nonetheless returned by the new customer. This case describes an innocent oversight that could render all cloud safeguards irrelevant if a bad actor happened to gain access to that instance. Pearson said there is a higher risk to customers when reusing hardware resources than dedicated hardware. (†1640)