Google this week released detailed information about the process the company uses for handling data deletion requests by enterprises using its cloud services.
In a whitepaper titled Data Deletion on Google Cloud Platform, the company explains how the process is designed to ensure safe and effective deletion of data from active systems, backup volumes and physical storage media.
Generally, prior to deletion all customer data on Google cloud is encrypted at rest, replicated on active systems to ensure uninterrupted availability and copied to backup systems as protection against loss and to ensure data integrity.
Enterprises can ask for their entire account to be deleted, or just the data associated with a specific cloud project or resource. When any data is flagged for deletion, Google marks it as deleted and makes it unavailable for further use. However, the company implements a grace period before beginning to actually logically delete the data to ensure that organizations have a way to recover anything that may have been deleted by mistake, Google said in its whitepaper.
After the grace period has ended, Google uses one of two methods to delete data from active systems—cryptographic erasure and what it calls a mark-and-sweep garbage collection process where the deleted data is completely overwritten over time. Google uses a similar process of overwriting data or using cryptographic methods for deleting customer data from backup storage.
“Long after deletion has occurred, the final step in assuring deletion is to securely decommission our physical storage media,” said Eric Chiang, product manager with Google’s cloud security and privacy group.
Google’s media sanitization process is designed to ensure that deleted data on decommissioned storage media is completely irrecoverable through forensic or laboratory attacks. Hard drives that have been retired are overwritten with zeros and go through a multistep inspection process to ensure they contain no recoverable data.
All physical storage equipment with the company’s data centers is tracked—via asset tags and bar codes—from acquisition and installation through destruction. According to Google, it also employs a slew of methods, such as metal detection, biometric identification, laser-based intrusion detection systems and vehicle barriers, to prevent equipment from leaving its data centers in unauthorized fashion.
In instances where a storage media cannot be securely erased, Google physically destroys it by either crushing and deforming the drive or shredding it to bits before recycling.
Google’s latest whitepaper is part of an ongoing effort by the company to inform enterprises about the measures it takes to ensure that enterprise data is securely handled in the cloud. Although organizations have been moving more workloads to the cloud in recent years, concerns about unauthorized access and data leaks continue to persist and, in many cases, hamper cloud adoption.
Just earlier this week, Google released another whitepaper, this one describing the company’s process for responding to incidents involving the confidential, integrity and availability of customer data on Google Cloud Platform. Recently, the company also released a new tool that gives enterprises a way to monitor any access to their cloud workloads by Google administrators and support staff.