In a cloud environment, your security team needs to decommission a virtual machine quickly while leaving the provider's underlying hardware intact for reuse. Which data-sanitization technique renders the stored data permanently unreadable by securely destroying the encryption key rather than overwriting or physically destroying the storage media?
Cryptographic erase-also called crypto-shredding-invalidates or deletes the encryption key protecting the data. Without the key, the ciphertext cannot be decrypted, so the data becomes infeasible to recover. NIST SP 800-88 Rev. 1 lists cryptographic erase as a media-sanitization method that can meet purge-level requirements when properly verified. Overwriting, degaussing, and physical shredding also sanitize data, but they rely on physically manipulating the media, which is impractical in most cloud scenarios.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is crypto-shredding?
Open an interactive chat with Bash
Why is crypto-shredding preferred over physical destruction in certain cases?
Open an interactive chat with Bash
What is NIST SP 800-88 Rev. 1, and how does it relate to crypto-shredding?