
Data Destruction Practices

Memset maintains rigorous data destruction policies to ensure that customer and corporate data does not persist beyond the point of deletion from the system.

Dedicated Servers

All physical hard drives allocated to customer dedicated servers are moved to the ‘dirty’ pool when the customer terminates the server. These drives are then logically shredded using a DoD-3 aligned algorithm (two overwrite passes) before they are returned to the available resource pool.

Cloud VPS

Virtual disks associated with terminated Cloud VPS instances are automatically logically shredded after a 14-day grace period, which allows customers to request recovery of their data in the event of accidental termination of service. Logical shredding is performed using a DoD-3 aligned algorithm (two overwrite passes) before the disks are returned to the available resource pool. No virtual disk marked ‘dirty’ (terminated, pending sanitisation) can be used by other customers until the shredding script has successfully completed. This segregation is maintained automatically by our hosting platform.

Cloud VPS Snapshots are stored on our Cloud Storage platform and are therefore subject to the Cloud Storage data destruction regime below. Block Storage attached to Cloud VPS is subject to the OpenStack data destruction regime below.

OpenStack

Instance storage is based on Ceph clusters. Hypervisors access the Ceph clusters via the isolated Storage Networks, and customer block devices are never present (mounted) on hypervisors. Ephemeral (Image) and Persistent (Volume) storage use separate pools, with access secrets strictly controlled and available only to the OpenStack components that require them. On deletion by the customer, the image or volume is rendered effectively unrecoverable. The distributed nature of Ceph ensures to a large degree that access to customer data outside the normal path is very difficult, if not impossible, even for Memset sysadmins. This data is then overwritten by live data over time by automated data management procedures.

Cloud Storage

Cloud Storage, both as a stand-alone product and as a storage backend for Cloud VPS snapshots, is what is known as an ‘eventually consistent distributed file system.’

As such, the initial and replicated locations of customer data across the storage array are maintained by file mappings, which are deleted immediately on termination of the service or deletion of the customer data. As no access to underlying resources is maintained, this renders the data unrecoverable for any customer. This data is then overwritten with live data over time by automated data management processes.

All physical storage media on unrecoverable failure or end-of-life

All physical storage media, including disks allocated to dedicated servers, OpenStack, Cloud Storage arrays or Cloud VPS hypervisors, are logically overwritten using a DoD-3 aligned process and then physically destroyed on unrecoverable failure or end of life. Destruction is provided onsite by a CAS(T) accredited third party by shredding to particulate sizes specified by the CAS(T) standard, and certification of destruction is provided to Memset. This process is aware of and compliant with the differing particulate standards applicable to hard drives and SSDs. No previously used drives are permitted to leave Memset custody without undergoing this process.