What is required to do when deleting a virtual machine?

We are deleting a virtual machine that hosted an Oracle database that stored regulated data. The reason is an OS change (Windows 2003 → Windows 2012). The data will be transferred to a new virtual machine (backup and restore), and once we have demonstrated that all the data was successfully transferred, we will delete the old virtual machine from the VMware datastore. I found an article by VMware that details how to securely delete a virtual machine that held sensitive data (VMware vSphere Documentation). I proposed including that procedure in our change control that covers the deletion of this virtual machine, but IT doesn’t want to do it and says that it is not necessary to do that extra step. Since the procedure exists and additionally it seems very easy to do (very little overhead for IT), I don’t know why we would not do it. For me the VMware article seems like a good practice to follow for regulated virtual machines. What do you guys think? Any recommendations on this?


I would probably agree with IT. While you can effectively decommission a database, deleting it is a WHOLE nother thing (you can’t unring that bell!). And there are regulations that state you must keep your documents (database) around 7 years (read forever) after a lot has expired. You may in the future (for legal purposes?) have to retrieve some old data.

I agree that it does look like a simple process for IT to adopt in the CC, and overwriting the physical allocation with zeroes seems like a virtual decommissioning. I’d suggest trying to follow up with discussion to figure out the aversion to doing this. Questions to ask IT may be:
Do they practice another process for deleting or “zeroing” out the physical portion of the actual hardware?
Do they intend to re-purpose it (physical hardware) immediately and start overwriting the portion that contained the sensitive data?
Will the actual physical hardware be destroyed after decommissioning or re-purposed within the company?

This sounds like an opportunity to start a good discussion with your IT friends around VM topics that may lead to updating or creating an SOP for these scenarios.

On past projects I have worked on, once we migrated to the new server (target) and verified all data and metadata was intact, we decommissioned the old server (source) and physically destroyed it as part of life cycle management for old hardware.
The target then became the system of record going forward for record retrieval.

Thank you for the post, it already has me thinking what I need to do to start the conversation with IT in my company.

