[
https://issues.apache.org/jira/browse/HDFS-11357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15834779#comment-15834779
]
Koji Noguchi commented on HDFS-11357:
-------------------------------------
Andrew, are your compliance/legal people ok that there still could be lost
datanodes (that are currently not participating with the cluster) possibly
containing the supposed deleted blocks?
> Secure Delete
> -------------
>
> Key: HDFS-11357
> URL: https://issues.apache.org/jira/browse/HDFS-11357
> Project: Hadoop HDFS
> Issue Type: New Feature
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Attachments: 0001-HDFS-secure-delete.patch
>
>
> Occasionally for compliance or other legal/process reasons it is necessary to
> attest that data has been deleted in such a way that it cannot be retrieved
> even through low level forensics (for some reasonable definition of this that
> typically excludes the resources a state actor can bring to data recovery).
> HDFS at-rest encryption offers one way to achieve this, if the data keying
> strategy is highly granular. One simply "forgets" a key corresponding to a
> given set of files and the data becomes irretrievable. However if HDFS
> at-rest encryption is not enabled or a fine grained keying strategy is not
> possible, another simple strategy can be employed.
> The objective is to ensure once a block is deleted no trace of the data
> within the block exists on disk in unallocated regions, for all blocks,
> providing assurance deleted data cannot be recovered at any time through
> reasonable effort even with low level access.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
