Dex asked Erick Ramirez answered

Is deletion of data or snapshot deemed secure similar to Linux shred?

Hi All!

I'm potentially working with Cassandra as a store for some sensitive data. This data I want to be able to delete securely (securely meaning that the data is irrecoverable from the storage, e.g. similar to the shred command in Linux). I think there are 2 scenarios where this will need to happen.

1. When I delete a record (a tombstone is entered and the compaction will complete it) - does this securely remove it?

2. When I remove a snapshot using:

nodetool clearsnapshot

If anyone is able to shed some light on these 2 scenarios and whether or not they are deemed "secure", or if anyone has had to handle this requirement before, it would be greatly appreciated.

Many thanks!

Dex

security

1 Answer

Erick Ramirez answered

When deleted data is eventually compacted out, the corresponding SSTable is deleted from the disk by Cassandra using the Java NIO library. This effectively means that the deletion is done at the filesystem level, that is, only the inode for the SSTable file *-Data.db (and inodes for the associated component files including *-Index.db and *-Statistics.db among others) is changed or marked for deletion with the disk blocks released so they could be reused/overwritten for new files but those disk blocks are not immediately scrubbed of their contents.

Similarly when snapshots are cleared, the operation only releases the inodes -- the underlying blocks on the filesystem do not get changed immediately. Using some advanced disk utilities, it is possible to inspect the disk blocks and retrieve their contents.

DataStax Enterprise (DSE) has a feature called Transparent Data Encryption (TDE) where data-at-rest is encrypted so the contents of SSTables are not accessible without the decryption keys. The alternative for open-source Cassandra clusters is to use volume-encryption software. Cheers!
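
Volume encryption, as suggested at the end of the answer above, only helps if every directory holding SSTables, snapshots and commit logs sits on an encrypted device. The following is an added example (not part of the original answer and not Cassandra tooling) that checks this on Linux with findmnt and lsblk; the directory paths in the usage comment are assumed package defaults and the sample lsblk output is constructed.

```shell
#!/bin/sh
# Added example: report whether the given directories are backed by a
# dm-crypt/LUKS device. Pass the Cassandra directories as arguments, e.g.
#   ./check_crypt.sh /var/lib/cassandra/data /var/lib/cassandra/commitlog
# (assumed default paths; use the values from your own cassandra.yaml).

# Read `lsblk -s -l -n -o TYPE` output on stdin and succeed if any layer
# of the device stack is a dm-crypt mapping (lsblk reports TYPE "crypt").
has_crypt_layer() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "crypt") found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Resolve the device backing a directory, then walk its dependency stack.
# Returns 0 = encrypted, 1 = plaintext, 2 = could not be determined
# (for example a network or in-memory filesystem with no block device).
check_dir() {
    dir=$1
    src=$(findmnt -n -o SOURCE -T "$dir" 2>/dev/null) || src=""
    stack=$(lsblk -s -l -n -o TYPE "$src" 2>/dev/null) || stack=""
    if [ -z "$src" ] || [ -z "$stack" ]; then
        echo "UNKNOWN    $dir"
        return 2
    fi
    if printf '%s\n' "$stack" | has_crypt_layer; then
        echo "ENCRYPTED  $dir ($src)"
    else
        echo "PLAINTEXT  $dir ($src)"
        return 1
    fi
}

# Constructed sample stacks, as lsblk would list them from the top down:
# an LVM volume on LUKS on a partition, and a bare partition.
sample_luks_lvm() { printf 'lvm\ncrypt\npart\ndisk\n'; }
sample_plain()    { printf 'part\ndisk\n'; }

# Check every directory given on the command line; a non-zero exit status
# means at least one directory is not confirmed to be on an encrypted volume.
rc=0
for d in "$@"; do
    check_dir "$d" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"
```

A directory reported as PLAINTEXT holds SSTable blocks that stay readable on disk after compaction or `nodetool clearsnapshot` releases them.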
