Organizations that operate their own data centers typically have a system in place for securely disposing of hard drives. Although the process can differ considerably from one organization to the next, it is a common practice for organizations to replace physical disks at periodic intervals. Just as securely disposing of hard drives is essential to preventing production systems from experiencing disk failures, the secure decommissioning of virtual disks is essential to protecting sensitive information stored on them.
With that said, some of the methods used for disposing of hard drives in the physical world are not applicable to virtual disks. There are, however, several best practices that you can use to ensure that deprovisioned virtual hard disks do not pose a significant security risk to your organization.
First, you need to be aware of what happens to virtual hard disks when a virtual machine is deleted. Every hypervisor has its own way of doing things, but some hypervisors retain virtual hard disks even after the corresponding virtual machine has been deleted.
In Figure 1, you can see that I am using Microsoft Hyper-V to create a new virtual machine, called VM2. The screen capture, which shows the New Virtual Machine Wizard, depicts the stage of the virtual machine creation process in which a new virtual hard disk is being created. For the sake of illustration, I am storing this virtual disk in the C:\VMs folder. The virtual disk will be named VM2.vhdx.
Figure 1: The new virtual machine will have a virtual hard disk named C:\VMs\VM2.vhdx.
In Figure 2, the new virtual machine has been created. The virtual machine (VM2) is listed within the Hyper-V Manager, and you can see the virtual hard disk (VM2.vhdx) in the C:\VMs folder.
Figure 2: The virtual machine has been created.
Next, I am going to delete the virtual machine by right-clicking on it and choosing the Delete command from the shortcut menu. If you look at Figure 3, you can see that although the virtual machine has been deleted and no longer appears in the Hyper-V Manager, the virtual machine’s virtual hard disk remains intact.
Figure 3: The virtual machine has been deleted, but its virtual hard disk remains.
It is critical to be aware of what happens to virtual hard disks when you delete a virtual machine. After all, it is often possible to mount an orphaned virtual hard disk and access its contents.
However, although it is important to delete orphaned virtual hard disks, deletion alone may be inadequate. There are ways of recovering a virtual hard disk, even after deletion.
Before you delete a virtual hard disk, consider encrypting its contents. One easy way to do this is to use File Explorer to browse to the virtual hard disk’s location, right-click on the disk, and select the Mount command from the shortcut menu. This causes your local operating system to mount the virtual hard disk. Once mounted, you can run BitLocker on the virtual hard disk, thereby encrypting its contents. When you are done, right-click on the drive letter that represents the virtual hard disk, and select the Eject command. This causes Windows to dismount the virtual hard disk.
Now that the virtual hard disk’s contents have been encrypted, it should be safe to delete it. To prevent anyone from recovering the disk, it is a good idea to use a secure deletion utility such as SDelete. It is worth noting, however, that if the virtual hard disk is stored on a deduplicated volume, the deduplication process may undermine the secure deletion. It is therefore best to move the virtual hard disk to a location at which deduplication is not enabled. It should then be possible to securely delete the virtual disk.
As important as it is to securely delete unwanted virtual hard disks, remember that the actual deletion is only part of the overall process. It is also important to have an administrative process in place that can track and verify the deletion of unwanted virtual disks.
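Because Hyper-V leaves the virtual hard disk behind when a virtual machine is deleted, a tracking process needs a way to find those leftovers. The following is an added example, not part of the original article: a PowerShell function for the Hyper-V host that lists virtual disk files that no registered virtual machine or checkpoint references, and records them in a CSV report. The function name Get-OrphanedVhd and the report file name are hypothetical; the script assumes the Hyper-V PowerShell module, an elevated session, and locally stored disks.

```powershell
#Requires -Modules Hyper-V
# Added example: inventory virtual disks under a storage folder that no
# registered Hyper-V VM or checkpoint references. Run elevated on the host.

function Get-OrphanedVhd {
    param(
        # Folder to audit; C:\VMs is the folder used in the article.
        [string]$Path = 'C:\VMs'
    )

    # Collect every disk path attached to a registered VM or one of its checkpoints.
    $inUse = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($vm in Get-VM) {
        $drives = @(Get-VMHardDiskDrive -VM $vm)
        foreach ($snap in Get-VMSnapshot -VM $vm) {
            $drives += Get-VMHardDiskDrive -VMSnapshot $snap
        }
        foreach ($drive in $drives) {
            # Walk the differencing chain so parent disks also count as in use.
            # Pass-through disks have no VHD path; Get-VHD fails quietly for them.
            $p = $drive.Path
            while ($p -and $inUse.Add($p)) {
                $p = (Get-VHD -Path $p -ErrorAction SilentlyContinue).ParentPath
            }
        }
    }

    # Any disk file not in the set is a candidate for secure disposal.
    Get-ChildItem -Path $Path -Recurse -File -Include *.vhd, *.vhdx, *.avhd, *.avhdx |
        Where-Object { -not $inUse.Contains($_.FullName) } |
        Select-Object FullName,
            @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Length / 1GB, 2) } },
            LastWriteTime
}

# Keep the output as a dated record for the disposal process (file name is hypothetical).
Get-OrphanedVhd -Path 'C:\VMs' |
    Export-Csv -Path ".\orphaned-vhds-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Running the same function again after disposal, and confirming the file no longer appears, gives the verification step a repeatable check. A disk that belongs to a virtual machine registered on a different host will also appear in the list, so confirm ownership before deleting anything.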