Deleting your data in Google Cloud Platform
By Google's Eric Chiang, Cloud Security and Privacy Product Manager
September 17, 2018
As part of our ongoing effort to provide transparency around how Google Cloud Platform (GCP) works, we’re pleased to publish a new whitepaper today: Data deletion on Google Cloud Platform. This paper explains what happens when customer data is deleted in GCP and how long it takes to complete Google’s data deletion process.
GCP is designed to achieve a consistently high bar in all key performance goals, including low latency, high availability, scalability, integrity, and durability. Behind the scenes, the same engineering that allows customers to quickly access their data from anywhere in the world, scale their applications up or down to meet dramatic shifts in demand, and protect against catastrophic interruptions in service needs to be balanced carefully to ensure safe and effective deletion of customer data. This new whitepaper explains how we balance these performance objectives so customers can manage their data lifecycle.
Deletion and retention of GCP customer data conform to these principles:
Prior to deletion, customer data is stored securely
Customer data is encrypted at rest, replicated on active systems, and copied to backup systems to protect against data loss and ensure the availability and integrity of that information. Your data may be replicated in multiple locations to ensure you have uninterrupted access to your projects, even if there are performance-impacting changes in the environment. Redundant copies of your data can be stored locally, regionally, and even globally on active and backup storage systems, depending on the geographic limitations you configure.
When customer data is deleted, GCP completes the following steps in the deletion pipeline:
It generally takes about two months from the deletion request to delete data from active systems and six months to expire deleted data in data center backups, as shown here:
Your data is highly protected on physical media
Our data security authentication and authorization tools work to prevent unauthorized access to the physical disks and drives on which your data is or was stored. You can read more in the Google Infrastructure Security Design Overview whitepaper.
We periodically run performance tests on our physical storage media to make sure it's operating properly. If any component fails a test at any point during its lifecycle, we remove and retire it from inventory. Whether hardware is decommissioned due to failure, upgrade, or any other reason, storage media is decommissioned using appropriate safeguards.
If you’d like to learn more about the specifics of how we process your data, you can check out the Google Cloud Platform Terms of Service and our Privacy page. And you can find more here on how we process business data.
Enjoy the whitepaper, and rest easy knowing that your GCP data is under your control through its entire lifecycle.