Secure removal of sensitive data
Abstract
Representative embodiments disclose how to remove spilled data from an unauthorized system and/or service in a cloud service. Some embodiments allow a user to remove spilled data in a secure fashion without involving an administrator. Spilled data resides in a data structure backed by allocated storage locations. The system presents a user interface allowing a user to enter information that allows identification of the allocated storage locations. The spilled data is removed from the data structure leaving whitespace in the allocated storage locations where remnants of the spilled data can reside. The system creates a copy of the data structure, removing the whitespace. The system connects the copy of the data structure in place of the original data structure. The original allocated storage locations are then overwritten in a secure manner to remove any remnants of the spilled data.
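The copy, swap and overwrite sequence from the abstract, as an added example (not code from the patent): a SQLite file stands in for the data structure and its freed space for the whitespace. The file names, the marker string and the use of a logical dump as the backup step are assumptions.

```python
import os
import sqlite3
import tempfile

MARKER = b"SPILLED-CONSTRUCTED-SECRET-0001"  # constructed sample value

def build_store(path):
    """Create the data structure, spill one record into it, then delete it."""
    con = sqlite3.connect(path)
    con.execute("PRAGMA secure_delete=OFF")  # model a store that only unlinks rows
    con.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, body TEXT)")
    con.executemany("INSERT INTO docs (body) VALUES (?)",
                    [("quarterly report",), (MARKER.decode(),), ("meeting notes",)])
    con.commit()
    con.execute("DELETE FROM docs WHERE body = ?", (MARKER.decode(),))
    con.commit()
    con.close()

def has_remnant(path):
    """True if the spilled bytes are still present anywhere in the file."""
    with open(path, "rb") as f:
        return MARKER in f.read()

def clean_copy(src, dst):
    """Logical backup and restore: only live rows reach the copy."""
    old, new = sqlite3.connect(src), sqlite3.connect(dst)
    new.executescript("\n".join(old.iterdump()))
    old.close()
    new.close()

def swap_and_overwrite(live, copy):
    """Redirect users to the copy, then zero the original's allocated bytes."""
    retired = live + ".retired"
    os.replace(live, retired)  # disconnect: the path no longer names the old file
    os.replace(copy, live)     # redirect: the same path now opens the clean copy
    with open(retired, "r+b") as f:
        f.write(b"\x00" * os.path.getsize(retired))
        f.flush()
        os.fsync(f.fileno())
    overwritten = not has_remnant(retired)
    os.remove(retired)
    return overwritten

def run_demo():
    with tempfile.TemporaryDirectory() as d:
        live, copy = os.path.join(d, "site.db"), os.path.join(d, "site.copy.db")
        build_store(live)
        before = has_remnant(live)  # row is deleted, yet its bytes remain
        clean_copy(live, copy)
        copy_clean = not has_remnant(copy)
        overwritten = swap_and_overwrite(live, copy)
        con = sqlite3.connect(live)
        rows = con.execute("SELECT count(*) FROM docs").fetchone()[0]
        con.close()
        return before, copy_clean, overwritten, rows
```

An in-place overwrite reaches the original blocks only where the storage layer writes in place; copy-on-write filesystems and flash translation layers can leave the old blocks untouched.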
23 Citations
20 Claims
1. A method for removal of data in a cloud environment comprising:
- receiving an identifier from a user associated with a current data structure stored in a cloud environment, the current data structure comprising spilled data or comprising whitespace where spilled data was stored prior to its deletion;
- responsive to receiving the identifier, identifying allocated storage locations in the cloud environment associated with the current data structure;
- responsive to identifying the allocated storage locations, creating a copy of the current data structure, the copy free from any remnants of the spilled data;
- disconnecting the current data structure from any entities utilizing the current data structure, and redirecting any current connections to the copy of the current data structure to the entities; and
- responsive to disconnecting the current data structure from entities and redirecting any current connections, securely removing the current data structure from any physical storage devices where the allocated storage locations reside by overwriting the current data structure with ones, zeros, or a combination thereof.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- present a user interface to a user containing a form comprising a plurality of fields one of which allowing the user to enter an identifier associated with a data structure or location where spilled data previously resided;
- receive information via the form from the user comprising the identifier;
- identify allocated storage based on the identifier;
- responsive to identifying allocated storage, create a workflow to securely remove the allocated storage, the workflow performing operations comprising;
  - create a backup of a current version of the allocated storage in order to remove whitespace in the allocated storage, the whitespace previously containing spilled data;
  - restore the backup to create a new copy of the current version of the allocated storage;
  - responsive to creating the new copy, disconnect the allocated storage from any entities utilizing the allocated storage;
  - connect the new copy to the entities; and
  - securely remove the allocated storage from any physical storage devices where the allocated storage resides.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computing system implementing secure removal of spilled data comprising:
a processor and executable instructions accessible on a machine-readable medium that, when executed, cause the system to perform operations comprising;
- present a user interface to a user containing a form that allows the user to identify at least one of;
  - an identifier associated with a site where spilled data previously resided; and
  - a date that a data spill occurred;
- receive the identifier and/or date from the user;
- identify an allocated storage in a cloud service architecture where the spilled data was previously stored based on the received identifier and date;
- create a workflow executed in the cloud service architecture to remove allocated storage from the site, the workflow performing operations comprising;
  - create a backup of the allocated storage in order to remove whitespace that previously contained the spilled data in the allocated storage;
  - restore the backup to create a new copy of the allocated storage;
  - disconnect the allocated storage from any entities utilizing the allocated storage;
  - connect the new copy to the entities; and
  - securely remove the allocated storage from any physical storage devices where the allocated storage resides.
Dependent claims: 18, 19, 20
Specification