In the latter case (virtual servers, or containers) you have almost no real guarantees that shred(1) or friends will be effective, because you likely have no idea how the provider is implementing storage under the covers. Therefore you are entirely reliant on them, this opacity is a serious issue in the industry (IMO) and even worse is when you are told to expect one behaviour and encounter another!
It's not all that uncommon for physical servers to have their drives pulled and then subjected to a three-stage destruction process wherein they are first degaussed, then thrown into a "shearing" device which cuts them up into more manageable chunks before being "shredded" into fairly small chunks.
There are all kinds of standards for drive destruction but I know some units can output nothing larger than 0.75" x 1" chunks which coupled with degaussing is probably "very fatal".
Data destruction in this manner is required in many government applications (usually depends on the Impact Level) and most large corporations have fairly rigid policies governing how data (and the things used to store it) are destroyed once they are no longer useful.
Erasing data properly from NAND is seriously difficult so even things like shred(1) are not guaranteed to work. Writing over the block device from within the OS also may not get it all because of the firmware doing interesting things (i.e. wear-leveling) however it is thankfully still vulnerable to being bashed with a hammer or shredded.
In the latter case (virtual servers, or containers) you have almost no real guarantees that shred(1) or friends will be effective, because you likely have no idea how the provider is implementing storage under the covers. Therefore you are entirely reliant on them, this opacity is a serious issue in the industry (IMO) and even worse is when you are told to expect one behaviour and encounter another!
It's not all that uncommon for physical servers to have their drives pulled and then subjected to a three-stage destruction process wherein they are first degaussed, then thrown into a "shearing" device which cuts them up into more manageable chunks before being "shredded" into fairly small chunks.
There are all kinds of standards for drive destruction but I know some units can output nothing larger than 0.75" x 1" chunks which coupled with degaussing is probably "very fatal".
Data destruction in this manner is required in many government applications (usually depends on the Impact Level) and most large corporations have fairly rigid policies governing how data (and the things used to store it) are destroyed once they are no longer useful.
Erasing data properly from NAND is seriously difficult so even things like shred(1) are not guaranteed to work. Writing over the block device from within the OS also may not get it all because of the firmware doing interesting things (i.e. wear-leveling) however it is thankfully still vulnerable to being bashed with a hammer or shredded.