Which of the following methods will ensure that the data is unreadable by anyone else?
Change the volume encryption on the EBS volume to use a different encryption mechanism. Then, release the EBS volumes back to AWS.
Release the volumes back to AWS. AWS immediately wipes the disk after it is deprovisioned.
Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to AWS.
Delete the data by using the operating system delete commands. Run Quick Format on the drive and then release the EBS volumes back to AWS.
Explanations:
Changing the encryption mechanism does not securely delete the data; it only re-encrypts it with a new key.
AWS does wipe EBS volumes upon release, but this is done on AWS’s timeline and does not meet immediate security requirements.
Deleting the encryption key renders the encrypted data unreadable. Without the key, data cannot be decrypted, ensuring it is inaccessible.
Operating system delete and quick format commands do not fully delete data; they only mark sectors as free, leaving data recoverable.
In my experience, the answer is:
Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to AWS.
If I’m correct, the answer is:
Delete the encryption key used to encrypt the EBS volume. Then, release the EBS volumes back to AWS.