Question

How can a data set be reliably and securely erased after it was stored in the cloud?

Context

In cloud environments, including those with large fleets of endpoint devices, data is often replicated and shared across a large number of physical devices, sometimes geographically dispersed. This makes guaranteed secure data deletion in the traditional sense (overwriting or physically destroying every copy) difficult, if not impossible.

Solution

Encrypting the data at rest reduces the problem of deleting an entire data set to the problem of managing the lifetime of its cryptographic key. Because the keys used for encryption at rest are small, they are far more manageable than potentially huge data sets and can be kept in controlled storage (e.g. HSMs). Cryptographic deletion then amounts to the secure destruction of the key material. Provided that the keys have not been compromised at any point during their lifetime, and forward-secure cryptographic algorithms have been used, cryptographic deletion guarantees that every replica of the encrypted data set is illegible, up to the security guarantees provided by the encryption algorithm.
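The following Go program is an added illustration of the pattern and is not code from the original page or from any vendor named in it. It models the controlled key storage as an in-memory KeyStore (standing in for an HSM or KMS), encrypts records of a data set under a per-data-set AES-256-GCM key, and then "shreds" the key. The ciphertext copies are deliberately kept around afterwards to show that, although they still exist on "many devices", none of them can be opened once the key is gone. The type and function names (KeyStore, Provision, Seal, Open, Shred) and the sample record are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyStore stands in for controlled key storage (an HSM or KMS in practice).
// Only the small per-data-set key lives here; the bulk ciphertext can be
// replicated anywhere. Assumption: a real HSM would never export the key.
type KeyStore struct {
	keys map[string][]byte
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// Provision creates a fresh 256-bit data-encryption key for one data set.
func (ks *KeyStore) Provision(datasetID string) error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	ks.keys[datasetID] = key
	return nil
}

// Shred performs cryptographic deletion: overwrite the key bytes, then drop
// the entry. After this, every ciphertext under the key is unrecoverable.
func (ks *KeyStore) Shred(datasetID string) {
	if key, ok := ks.keys[datasetID]; ok {
		for i := range key {
			key[i] = 0
		}
		delete(ks.keys, datasetID)
	}
}

// aead builds an AES-GCM instance for the data set, failing if the key
// has been shredded or never existed.
func (ks *KeyStore) aead(datasetID string) (cipher.AEAD, error) {
	key, ok := ks.keys[datasetID]
	if !ok {
		return nil, errors.New("key destroyed or unknown data set: " + datasetID)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record under the data-set key. The random nonce is
// prefixed to the ciphertext; the data-set ID is bound as associated data.
func (ks *KeyStore) Seal(datasetID string, plaintext []byte) ([]byte, error) {
	gcm, err := ks.aead(datasetID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(datasetID)), nil
}

// Open decrypts a record produced by Seal; it fails once the key is shredded.
func (ks *KeyStore) Open(datasetID string, blob []byte) ([]byte, error) {
	gcm, err := ks.aead(datasetID)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(datasetID))
}

func main() {
	ks := NewKeyStore()
	if err := ks.Provision("customer-records-2023"); err != nil {
		panic(err)
	}
	// Constructed sample record; in practice this is the bulk data set.
	blob, err := ks.Seal("customer-records-2023", []byte("record 42: example payload"))
	if err != nil {
		panic(err)
	}
	// Replicas of the ciphertext on "other devices" that we cannot reach.
	replicas := [][]byte{blob, append([]byte(nil), blob...)}

	pt, _ := ks.Open("customer-records-2023", replicas[0])
	fmt.Printf("before shred: %q\n", pt)

	ks.Shred("customer-records-2023")
	for i, r := range replicas {
		_, err := ks.Open("customer-records-2023", r)
		fmt.Printf("replica %d after shred: %v\n", i, err)
	}
}
```

Note that Go's `aes.NewCipher` expands the key into round keys inside the cipher object; this example constructs a fresh cipher per call and discards it, so zeroing the stored key is the only copy to destroy. A production design keeps the key inside the HSM and has the HSM delete it, which is what makes the deletion auditable.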

References

Right of erasure - info.townsendsecurity.com
Cryptographic erasure - www.blancco.com