Your company is in the planning stages of moving applications that have large data sets to a cloud environment.
What strategy for data removal would be the MOST appropriate for you to recommend if costs and speed are primary considerations?
Cryptographic erasure involves encrypting the data and then securely deleting the encryption keys, rendering the data useless. This method is quick and cost-effective, especially in cloud environments where physical destruction of media or shredding is impractical. Overwriting can be time-consuming depending on the data size and storage technology used, whereas cryptographic erasure provides a swift and reliable solution.
C. Cryptographic erasure
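The trade-off in the explanation above, as an added example that is not part of the original page: a constructed Python model in which data is encrypted at write time, so erasure is a single key deletion whatever the data size, while overwriting touches every stored byte. `Volume`, its methods and the SHA-256 counter-mode cipher (a standard-library stand-in for AES) are assumptions made for illustration.

```python
import hashlib
import os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; a real system would use AES-GCM or AES-XTS.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Volume:
    """Constructed model: 'blobs' is provider storage, 'key' lives in a key store."""

    def __init__(self, encrypted: bool = True):
        self.key = os.urandom(32) if encrypted else None
        self.encrypted = encrypted
        self.blobs = {}  # name -> (nonce, stored bytes)

    def write(self, name: str, plaintext: bytes) -> None:
        nonce = os.urandom(16)
        stored = _xor_stream(self.key, nonce, plaintext) if self.encrypted else plaintext
        self.blobs[name] = (nonce, stored)

    def read(self, name: str) -> bytes:
        nonce, stored = self.blobs[name]
        if not self.encrypted:
            return stored
        if self.key is None:
            raise PermissionError("key destroyed: ciphertext is unrecoverable")
        return _xor_stream(self.key, nonce, stored)

    def crypto_erase(self) -> int:
        """Destroy the key; return the number of stored data bytes touched."""
        if not self.encrypted:
            raise ValueError("data was stored in plaintext; there is no key to destroy")
        self.key = None  # in practice: destroy every copy of the key in the KMS/HSM
        return 0

    def overwrite(self) -> int:
        """Zero every stored byte; return the number of bytes touched."""
        touched = 0
        for name, (nonce, stored) in list(self.blobs.items()):
            self.blobs[name] = (nonce, bytes(len(stored)))
            touched += len(stored)
        return touched
```

The ciphertext stays in storage after `crypto_erase()`; only the key is gone, which is why the method depends on the data having been encrypted from the start.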
Surely overwriting is quicker and cheaper?
Not quicker for a large amount of data.
Delete keys, that's only a few clicks. The answer is correct.
Looks C to me. If someone has already passed the exam, they can review all questions and put their response to support exam takers.
Encrypting data and then encrypting the keys and then deleting the keys will take more time than just overwriting the data. In terms of speed I think overwriting is more correct than cryptoshredding, but in terms of security crypto shredding is better than overwriting.
Data deletion needs to be "defensible destruction"; overwrite doesn't provide this. Destruction and shredding are not often an option and not cheap either.
Ok if data are already encrypted, but if not? This could take more time...
Overwriting is the fastest/cheapest option provided. Encrypting data takes time. Encryption takes horsepower to do quickly. It is both CPU and disk intensive. The larger the data set, the longer the time. Encrypting large virtual disks can be time consuming. Additional steps are required: destroying disks that contain the OS cannot be done while the server is running. Media destruction is fastest. One call to the appropriate provider and the disks servers are dust, usually next day. In my earlier days, I have used a drill press to kill disks. 2 seconds per disk. SSD storage modules would be simpler to destroy (hammer).
Why Not the Others? A. Shredding → Physical destruction of hard drives is secure but costly and slow for large datasets. B. Media Destruction → Like shredding, destroying the media is unnecessary if the storage will be reused or repurposed. C. Cryptographic Erasure → Ideal for cloud storage, but on-prem systems may not use encryption, making CE ineffective if the data was stored in plaintext.
If the organization is moving large datasets from on-prem to the cloud, the best balance of cost, speed, and security for data removal is overwriting (also called data sanitization). Overwriting replaces existing data with random or predefined patterns, making it unrecoverable without destroying the hardware. It is faster and more cost-effective than physical destruction while meeting compliance requirements for decommissioning on-prem systems. Many regulatory frameworks (NIST 800-88, DoD 5220.22-M) allow overwriting as an acceptable data sanitization method before hardware reuse or disposal.