How does Azure delete the data when an Azure Disk attached to a VM is deleted

Mayur Puli (Sonata Software North America) 21 Reputation points
2021-11-29T22:46:13.86+00:00

Hello All:

I am working with one of my customers and their ask is "If I delete an Azure disk that has been attached to a VM and contains sensitive/proprietary data, how is that data protected, wiped, or guaranteed to be inaccessible to third parties?"

I did go through this document related to data center security for DBD(data bearing devices) destruction : https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-bearing-device-destruction#data-destruction-overview. The document highlights the data sanitization categories but it does not come out clearly which category of sanitization is applied when an Azure disk is deleted.

Can you throw some light here? or atleast point me to right set of document resources?

Thanks,
--Mayur
Azure Professional Direct

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,164 questions
Azure Disk Storage
Azure Disk Storage
A high-performance, durable block storage designed to be used with Azure Virtual Machines and Azure VMware Solution.
573 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,729 questions
0 comments
Accepted answer
  1. Vadims Podāns 9,036 Reputation points MVP
    2021-12-02T11:28:34.667+00:00

    Does a deleted disk is considered as a retired DBD? If so, that answers the question

    no, it doesn't considered a retired DBD. Azure disks are virtual disks (literally, files) which may span one or multiple hardware disks. These disks may or may not be shared with other customers' data. When virtual disk is deleted, the physical disk is not necessary disposed, so your use case doesn't fall to retired DBD destruction policy. I think, this article gives a bit more hints: https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-bearing-device-destruction, specifically:

    Microsoft uses three categories of data sanitization for DBDs and assets containing data:
    Clear: relates to the logical techniques that help to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques. These are techniques typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

    I think, this is your use case. This means that once you delete the VM disk is deleted, a "Clear" process is executed to wipe the data space previously allocated to your VM disk only. Then, cleared space can be allocated to very different customer. The link to NIST document (see response from @Bhanu Ejjagiri ) describe "Clear" process in a bit more details.

    Physical disc destruction/retirement is a separate process which relies on hardware metrics such as read/write cycles, MTTF (mean time to failure) and/or other internal policies which are not related to VM disk delete processes.

    1 person found this answer helpful.

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bhanu Ejjagiri 261 Reputation points Microsoft Employee
    2021-12-01T20:34:54.873+00:00

    Hi @Mayur Puli (Sonata Software North America)
    Greetings for the day.

    Each Microsoft datacenter uses an on-site process to sanitize and dispose of failed and retired DBDs. During this process, Microsoft personnel ensure chain of custody is maintained throughout the disposal process. And it is destroyed onsite using an approved standard operating procedure that meets NIST SP-800-88 guidelines. These DBDs are physically and logically tracked to maintain chain of custody through final disposition.

    Reference # https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

    0 comments
  2. Mayur Puli (Sonata Software North America) 21 Reputation points
    2021-12-01T20:55:18.123+00:00

    Thank you Bhanu for your response. My main question is on the data stored in the Azure Disk (attached to a VM), the 1s and 0s. How is the data deleted and what standard Microsoft follows here.

    The document here : protection-customer-data , says that Microsoft follows strict standards for overwriting storage resources before their reuse, as well as the physical destruction of decommissioned hardware. Other than that not much of information is available.

    Does a deleted disk is considered as a retired DBD? If so, that answers the question

    Regards,
    --Mayur

    0 comments
  3. Limitless Technology 39,376 Reputation points
    2021-12-02T20:57:59.017+00:00

    Hi @Mayur Puli (Sonata Software North America)

    When you delete a virtual machine (VM) in Azure, by default, any disks that are attached to the VM aren't deleted. This feature helps to prevent data loss due to the unintentional deletion of VMs.

    So when you need to delete the data from the data disk ensure that the lease status is “unlocked” and that the lease state is “Available.” This indicates that the disk is not attached to any VMs and this will automatically delete the data .

    Microsoft does not inspect, approve, or monitor applications that customers deploy to Azure. Moreover, Microsoft does not know what kind of data customers choose to store in Azure. Microsoft does not claim data ownership over the customer information that's entered into Azure.

    You can see these policies form here

    https://learn.microsoft.com/en-us/azure/security/fundamentals/protection-customer-data

    https://learn.microsoft.com/en-us/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview

    ----------

    --If the reply is helpful, please Upvote and Accept it as an answer--