zlacker

[return to "GDPR: Don't Panic"]
1. mbruml+ns[view] [source] 2018-05-18 13:29:18
>>grabeh+(OP)
I can tell you that GDPR is going to cause issues with block based backups. Many hosting providers don't separate customers on different block devices. When you back up a block device you have snapshots that have many different organizations data on them.

Part of making good backups is knowing that the backup can't change. The only solution now is to add paths to go back and modify those backups to remove customer data when asked too.

That is my plight anyways.

◧◩
2. acdha+EP[view] [source] 2018-05-18 16:25:04
>>mbruml+ns
The conventional solution to that problem I’ve heard for the last couple decades is to use encryption so the backup doesn’t need to be altered ahead of your normal rotation schedule as long as you can probably drop a customer’s key on demand.
◧◩◪
3. mbruml+4j1[view] [source] 2018-05-18 19:58:28
>>acdha+EP
The backups are encrypted, but the there is no way for the backup software to know one client's data from the other. Its block based, so all it sees is a volume.

Post hosting providers, or anybody really don't create new volumes for each customer. They would simply have a directory per client. Onces you start needing to know more about the file system then you sort of waste all the benefits block based backups provide.

By block based I mean volume based, were we simply copy the allocated blocks of the file system that changed between each backup.

◧◩◪◨
4. Boulth+RE2[view] [source] 2018-05-19 20:57:46
>>mbruml+4j1
I think the parent means encrypt customer data with key specific to that customer. When you erase that customer key their data becomes irreversibly damaged.
[go to top]