Secure deletion for sensitive data

Hello and thanks in advance for feedback! We are working with an organization using a self-hosted virtual environment and they want to store sensitive data in MongoDB v3.4 on Ubuntu 16.04. We are hoping to find a way for them to meet regulatory requirements to “securely delete” data when it is no longer needed. Generally, this means doing a multi-pass overwrite of the location where the data was written. However, the organization doesn’t know how to locate the actual location of a piece of data stored in MongoDB. Is this possible? Or is there a secure (US Department of Defense approved) method for deleting data in a virtual environment from v3.4? It did not appear in the system documentation that the inherent delete functions went to this level of deletion.

Hi @Brett_Bane welcome to the community.

The secure delete requirements you mentioned sound like they should be achieved by the storage layer instead of the database layer. However, I feel it’s a little strange that there is an effort to meet a regulatory requirement regarding data security, while not knowing exactly where the data is stored. Isn’t that contradicting the security requirement?

Having said that, one possible solution is to use MongoDB’s Client-Side Field Level Encryption which is a new feature in MongoDB 4.2. In lieu of actually deleting the documents, you may be able to encrypt sensitive fields in a document, and “delete” them by throwing away the decryption key. See Client-Side Field Level Encryption Guide for details and examples.

I would also strongly recommend moving away from the MongoDB 3.4 series, as it has been out of support since January 2020 (3.4 was released in Nov 2016, almost 4 years ago today).

Best regards,
Kevin


Thank you for the reply!