AWS: What does Amazon do with your data after decommissioning a server?
This past week, a customer asked this question after we let them know that we ran our servers in Amazon EC2. Of course, I was stumped, since the only thing I know about decommissioning servers at the moment is just formatting them 5 times, and/or killing virtual instances. This was definitely a question I had not thought of. Well, I decided to create a post on the AWS Forums to ask the great AWS community if they had the answer.
Thanks to moto@AWS, we had our answer by the next day. moto@AWS pointed me over to the AWS Security Whitepaper. Here is the answer:
Storage Device Decommissioning
When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to ensure customer data are not exposed to unauthorized individuals. AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. If a hardware device is unable to be decommissioned using these procedures the device will be degaussed or physically destroyed in accordance with industry-standard practices.
I hope that helps if you were wondering, too!