Dex asked Erick Ramirez answered

Is deletion of data or snapshot deemed secure similar to Linux shred?

Hi All!

I'm potentially working with Cassandra as a store for some sensitive data. This data I want to be able to delete securely (securely meaning that the data is irrecoverable from the storage, e.g. similar to the shred command in Linux). I think there are 2 scenarios where this will need to happen.

1. When I delete a record (a tombstone is entered and the compaction will complete it) - does this securely remove it?

2. When I remove a snapshot using:

nodetool clearsnapshot

If anyone is able to shed some light on these 2 scenarios and whether or not they are deemed "secure", or if anyone has had to handle this requirement before, it would be greatly appreciated.

Many thanks!



1 Answer

Erick Ramirez answered

When deleted data is eventually compacted out, the corresponding SSTable is deleted from the disk by Cassandra using the Java NIO library. This effectively means that the deletion is done at the filesystem level, that is, only the inode for the SSTable file *-Data.db (and inodes for the associated component files including *-Index.db and *-Statistics.db among others) is changed or marked for deletion with the disk blocks released so they could be reused/overwritten for new files but those disk blocks are not immediately scrubbed of their contents.

Similarly when snapshots are cleared, the operation only releases the inodes -- the underlying blocks on the filesystem do not get changed immediately. Using some advanced disk utilities, it is possible to inspect the disk blocks and retrieve their contents.

DataStax Enterprise (DSE) has a feature called Transparent Data Encryption (TDE) where data-at-rest is encrypted so the contents of SSTables are not accessible without the decryption keys. The alternative for open-source Cassandra clusters is to use volume-encryption software. Cheers!
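
A check for the volume-encryption approach mentioned in the answer, as an added example that is not part of the original answer: it parses `lsblk --json -o NAME,TYPE,MOUNTPOINT` output and reports whether a directory sits on a dm-crypt (`crypt`) layer. The sample output, the device names and the `/var/lib/cassandra` paths are constructed assumptions.

```python
import json
import os

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` (not from a real host).
# Assumption: Cassandra directories live under /var/lib/cassandra.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cassandra_crypt", "type": "crypt", "mountpoint": "/var/lib/cassandra"}
    ]}
  ]},
  {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "mountpoint": "/var/lib/cassandra/commitlog"}
  ]}
]}
"""

def walk(devices, under_crypt=False):
    """Yield (mountpoint, encrypted) for every mounted device in the tree."""
    for dev in devices:
        # A device is encrypted if it, or any parent in the stack, is a crypt layer.
        encrypted = under_crypt or dev.get("type") == "crypt"
        if dev.get("mountpoint"):
            yield dev["mountpoint"], encrypted
        yield from walk(dev.get("children", []), encrypted)

def is_on_encrypted_volume(path, lsblk_json):
    """Return True/False for the filesystem holding `path`, or None if unknown."""
    mounts = dict(walk(json.loads(lsblk_json)["blockdevices"]))
    path = os.path.normpath(path)
    best = None
    for mp in mounts:
        if not mp.startswith("/"):  # skip pseudo entries such as [SWAP]
            continue
        # The longest mount point that is a path prefix of `path` holds it.
        if os.path.commonpath([mp, path]) == os.path.normpath(mp):
            if best is None or len(mp) > len(best):
                best = mp
    return None if best is None else mounts[best]

if __name__ == "__main__":
    for d in ("/var/lib/cassandra/data", "/var/lib/cassandra/commitlog"):
        print(d, "->", is_on_encrypted_volume(d, SAMPLE_LSBLK))
```

In the constructed sample the data directory is on the encrypted volume while a separately mounted directory beneath it is not, which is the kind of gap this check is meant to surface.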
