May 23, 2017 By Rick M Robinson 2 min read

The convenience and flexibility of the cloud has transformed data storage for organizations and individual users alike. Cloud storage is especially useful for data that must be shared among multiple users or multiple devices.

But for all its convenience, the cloud also adds a new complexity to the old security challenge of making sure that deleted data is actually erased. Unless you understand how your cloud provider handles data removal, seemingly deleted files can linger on as zombie cloud data, invisible to the user, but still potentially subject to theft or accidental exposure.

Why ‘Deleted’ Doesn’t Always Mean ‘Gone’

According to InfoWorld, the zombie cloud data problem is a variation on a subtle security challenge that is as old as the personal computing era. Deleting a file from local storage removes it from the user’s list of files. Although it seems to be gone, normal deletion does not physically erase the data from a storage device; it only removes the directory entry, telling the operating system that the disk space is available for reuse. This is why files can be “undeleted,” which is often a lifesaver for users who have accidentally deleted their work.

Data storage and deletion in the cloud work in essentially the same way, but with a few technical complications and one big institutional snag. The technical complications relate to the way cloud storage providers ensure that files are readily available when needed and safely backed up against mishaps. In a nutshell, both of these considerations mean that cloud data is normally stored redundantly on multiple servers. To ensure removal of the data, all of these stored copies must be erased. These technical considerations can also apply to data stored on-site by an organization.

But the cloud introduces an additional, more basic complication: The cloud provider, not the user, has physical custody of the data. This means that the provider’s policies actually govern the fate of the data.

Bringing Cloud Security Back Down to Earth

The InfoWorld article asserted that these are not just theoretical considerations. In several reported cases, data that users thought they had deleted years ago resurfaced on major cloud services. In one instance, the data reappeared after an attempted fix went awry. The provider was seeking to eliminate a bug that prevented full erasure of old files — instead, the fix undeleted the files.

Working effectively with a cloud provider to ensure full disposal of cloud data requires more than simply reviewing the provider’s terms of service. Customer and provider must also have a shared understanding of how bugs or other errors can be resolved.

The Cost of Zombie Cloud Data

At stake for cloud users are both compliance issues and the potential exposure of supposedly deleted data. Because organizations are responsible for their own compliance, cloud errors can expose them to sanctions. Even where compliance is not an issue, exposure of zombie cloud data could lead to loss of brand reputation, customers and more.

With studies showing that organizations also struggle with reliable disposal of disks and other on-site storage media, it is clear that zombie data, in the cloud or otherwise, continues to pose a security challenge that organizations need to address in a comprehensive way.

More from Cloud Security

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today