When it comes to cloud computing, contract terminations can occur for a number of reasons. Due diligence requires companies to lay out an exit plan for what happens if a cloud provider does not work out as expected. When a cloud vendor relationship eventually ends — and they always do — the primary security-related focus for an exit plan is to protect your company data during the transition from the cloud environment.
What to Include in Your Cloud Provider Exit Plan
Termination and disposal are part of any contract closeout, which may include wiping or decommissioning IT assets. Particular emphasis should be placed on proper preservation of the data that is stored, transmitted or processed within the cloud so that the data is effectively migrated or archived in accordance with applicable records management policies and regulations.
An exit plan should determine the required actions for the disposal of your data, which includes:
- Identifying how the removal of the cloud vendor service affects other IT assets and your company’s needs, such as customers and customer relationships, business support activities, and technical support teams;
- Determining whether there are any security controls inherited from the IT assets being decommissioned and how or if these controls will continue to be supported;
- Addressing the preservation and transfer of data, IT assets and intellectual property in accordance with your record retention policy and any other legal or compliance requirements;
- Implementing all security controls that address IT asset termination and disposal, including media sanitization, configuration management and change control;
- Identifying all locations where data is/was stored and taking appropriate sanitization steps; and
- Updating IT asset tracking and management inventories with the new status of the decommissioning assets.
Sanitize Media
Since the decommissioning of an IT asset or termination of a cloud vendor relationship is a final decision, it’s crucial to protect the data involved from inadvertent access or release. Conduct media sanitization on every IT asset so that the residual magnetic or electrical representation of data is deleted, erased or written over, and the asset is disposed of properly. You will also need to comply with policies, applicable laws and regulations, and licensing or other agreements when IT assets are sold, donated or discarded.
Media sanitization tasks should involve one of the following processes:
- Using a triple-pass methodology to overwrite the asset with a random character/pattern.
- Executing the built-in firmware Secure Erase command (for ATA hard drives), where technically available.
- Degaussing the IT asset.
- Following contract-specific sanitization requirements if more stringent.
Other media sanitization priorities include:
- Updating the IT asset inventory and tracking system to reflect the removal or change to sanitized media impacting any IT assets; and
- Overseeing secure archiving or distribution of any data your company needs to retain, repurpose or reuse.
You should require a certificate of destruction or certificate of recycling to verify that IT assets were properly sanitized, including items such as serial numbers and type of sanitization performed. Ensure the cloud vendor has properly sanitized all copies it holds.
Dispose of Hardware and Software
Dispose of software in accordance with licenses or other agreements, laws and regulations. There should rarely be a need to destroy hardware, except for some storage media containing sensitive data that cannot be sanitized without destruction. As a result, you should remove and physically destroy any media that cannot be sanitized appropriately.
Hardware and software disposal tasks should involve one of the following processes:
- Disintegration by separating into component parts.
- Incineration by burning completely to ashes in a licensed incinerator.
- Pulverization by grinding to a powder or dust.
- Shredding by cutting or tearing into small particles internally or via secure onsite shredding by a third-party vendor.
Other hardware and software disposal considerations include:
- Updating the IT asset inventory and tracking system to reflect the removal or change to hardware and software impacting any IT assets; and
- Overseeing secure archiving or distribution of any data your company needs to retain, repurpose or reuse.
You should still require a certificate of destruction or certificate of recycling for hardware and software as well.
Preserve Data
Ensure that data migrating from the cloud can be read and correctly interpreted, rendered in a format that users can understand, and trusted as accurate representations of their logical and physical structure, substantive content and context.
To achieve these goals, data preservation tasks should minimally include the following processes.
Acquire Data in Preservation-Ready Formats
Data, along with scanned images, will typically be created or captured in a preservation-ready format. Acquisition or ingestion of data already in preservation-ready formats can reduce the workload of a repository because it will not be necessary to convert or normalize data to open-standard, technology-neutral formats.
Acquire and Normalize Data in Near Preservation-Ready Formats
Near preservation-ready formats are native proprietary file formats that can be easily normalized to preservation-ready file formats through software plug-ins that are widely available.
Acquire Legacy Data
Legacy data may have been initially created in a proprietary file format that is obsolete and no longer supported by the cloud vendor. Data embedded in legacy file formats typically can only be recovered and saved in a preservation-ready format if special code is written to extract the data from the legacy format. Once extracted, the data can be written to a contemporary format.
Adopt Preferred Open-Standard, Technology-Neutral Formats
Open-standard, technology-neutral file formats include text, images, photographs, vector graphics, moving images, audio and webpages. Adoption of these file formats means the data repository will support their use in its internal data preservation activities.
Capture and Save Preservation Metadata
Preservation metadata, which consists of tracking, capturing and maintaining documentation of all preservation actions associated with data, involves identifying these events, the agents that executed the actions and the results of the actions, including any corrective action taken. Saving this metadata, along with the hash digest integrity validations, enables robust chain of custody and establishes a basis for the trustworthiness of data in the custody of a repository.
Maintain Bit Streams’ Readability Through Device/Media Renewal
Digital storage devices and media are not exempt from degradation and technology obsolescence. Device/media renewal is the best way to keep bit streams available. Failure to maintain the readability of bit streams over time will result in the data being unrecoverable and likely permanently lost.
Migrate to New Open-Standard, Technology-Neutral Formats
Open-standard, technology-neutral formats are not immune to technology obsolescence. The inevitable changes in data technology mean new open-standard technology formats will be created that displace current ones. The solution is to migrate from an older or current open-standard, technology-neutral format to a newer one. Seamless migration from old to new open-standard, technology-neutral formats is made possible through backward compatibility, where a new standard can interpret digital content in an old standard and then save it in the new format standard.
Protect the Integrity and Security of Data
Imperfect technologies, along with accidental human error and intentional human actions, can corrupt or compromise the integrity of data through some alteration in the underlying bit stream. The best way to validate that no unauthorized changes to data occur is to compute a hash digest before a preservation action occurs and after the action is completed. If there is a change of only one bit, then a comparison of the two will identify it.
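The before-and-after digest check, combined with the preservation metadata described earlier (event, agent, result, corrective action), can be sketched as follows. This is an added example, not code from the original article; the function names, field names and sample data are hypothetical, and chaining each log entry to the previous one goes a step beyond the text to make the custody log itself tamper-evident.

```python
import hashlib
import json
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def record_event(log, obj_id, event, agent, before: bytes, after: bytes,
                 corrective_action=None):
    """Append one preservation event with digests taken before and after it."""
    d_before, d_after = sha256_hex(before), sha256_hex(after)
    entry = {
        "object": obj_id,
        "event": event,
        "agent": agent,
        "time": datetime.now(timezone.utc).isoformat(),
        "digest_before": d_before,
        "digest_after": d_after,
        "result": "intact" if d_before == d_after else "altered",
        "corrective_action": corrective_action,
        # Link to the previous entry so edits to the log are detectable.
        "prev_entry": log[-1]["entry_digest"] if log else None,
    }
    entry["entry_digest"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    log.append(entry)
    return entry

def verify_log(log) -> bool:
    """Recompute every entry digest and check the links between entries."""
    prev = None
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_digest"}
        recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
        if body["prev_entry"] != prev or recomputed != entry["entry_digest"]:
            return False
        prev = entry["entry_digest"]
    return True

# Constructed sample data: an exported file and a copy with one flipped bit.
EXPORTED = b"customer_id,balance\n1001,250.00\n"
CORRUPTED = bytes([EXPORTED[0] ^ 0x01]) + EXPORTED[1:]

def demo():
    log = []
    record_event(log, "ledger.csv", "transfer", "migration-job", EXPORTED, EXPORTED)
    record_event(log, "ledger.csv", "transfer", "migration-job", EXPORTED,
                 CORRUPTED, corrective_action="re-transfer from source")
    return log
```

For actions that change the bits by design, such as format normalization, the two digests will differ, and the digest taken after the action becomes the baseline for the next event.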
An Exit Plan Is Crucial to a Successful Start
Companies need to execute a cloud vendor exit plan with an orderly approach to protecting data during the transition. According to Gartner, companies “must prioritize risk mitigation as part of their cloud implementation. A carefully designed and regularly updated exit strategy for IaaS, PaaS and SaaS applications must be part of any cloud strategy.”
Not every cloud provider will be able to meet your diverse requirements and workloads across all lines of your business and applications. There are many cloud vendor choices available on the market, and the provider you select today won’t necessarily be your vendor of choice tomorrow. That’s why a carefully thought-out exit plan is crucial to the overall success of your cloud partnership.
Cloud Security and Compliance Leader, IBM Cloud