GCP – The future of media sanitization at Google
At Google, protecting your data is our most important responsibility, and we are committed to keeping your data safe. To further this commitment, we are proud to announce that in November 2025 we will begin transitioning our approach to media sanitization to rely fully on a robust, layered encryption strategy.
This marks a move away from the “brute force disk erase” process we have used for nearly two decades. While overwriting data has been an effective method, the storage technology landscape has changed dramatically. This process is no longer sustainable due to the size and technological complexity of today’s modern media.
A smarter approach: Cryptographic erasure
To address these challenges, we are embracing a more modern and efficient method of media sanitization: cryptographic erasure.
By default, all user data in Google’s services is protected by multiple layers of encryption. Cryptographic erasure leverages this encryption to sanitize media. Instead of overwriting the entire drive, we securely delete the cryptographic keys that are used to encrypt the data. Once the keys are gone, the data is rendered unreadable and unrecoverable.
This method is not only faster but also aligns with industry best practices. The National Institute of Standards and Technology (NIST) recognizes cryptographic erasure as a valid sanitization technique in its Special Publication 800-88. We are committed to meeting and exceeding these standards to ensure the security of your data.
Enhancing security through innovation
We implement cryptographic erasure with multiple layers of security, employing a defense-in-depth strategy. Our trust-but-verify model uses independent verification mechanisms to ensure permanent deletion of media encryption keys.
We also protect secrets involved in this process, like storage device keys, with industry-leading measures. Multiple key rotations enhance the security of customer data through independent layers of trusted encryption.
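The key deletion and independent verification described above can be shown on a small scale. This is an added example, not Google's code: the `KeyStore` class, the device name and the sample record are hypothetical, and an HMAC-SHA256 stream construction stands in for a production cipher such as AES-GCM so that it runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher (assumption)
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def _tag(key, data):
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce + ct)      # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("authentication failed: wrong or destroyed key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class KeyStore:  # hypothetical key service: one key-encryption key (KEK) per device
    def __init__(self):
        self._keks = {}
    def wrap(self, device, dek):
        kek = self._keks.setdefault(device, bytearray(secrets.token_bytes(32)))
        return seal(bytes(kek), dek)
    def unwrap(self, device, wrapped):
        return unseal(bytes(self._keks[device]), wrapped)
    def destroy(self, device):
        kek = self._keks.pop(device)
        kek[:] = bytes(len(kek))  # best-effort zeroisation; Python may hold other copies

def verify_erased(store, device, wrapped_dek, media):
    """Independent check: neither the key service nor a zeroed key can open the data."""
    for attempt in (lambda: store.unwrap(device, wrapped_dek), lambda: unseal(bytes(32), media)):
        try:
            attempt()
            return False          # something still decrypts: erasure failed
        except (KeyError, ValueError):
            pass
    return True

def demo():
    store, device = KeyStore(), "disk-0"                      # constructed device name
    dek, record = secrets.token_bytes(32), b"constructed sample record"
    wrapped, media = store.wrap(device, dek), seal(dek, record)  # drive holds only these two
    readable = unseal(store.unwrap(device, wrapped), media)   # works while the KEK exists
    store.destroy(device)                                     # the cryptographic erase
    return readable, verify_erased(store, device, wrapped, media)
```

The ciphertext and the wrapped data key are still physically present after `destroy`; only the key that opens them is gone, which is why the drive itself can be reused.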
Sustainability and the circular economy
Our previous method of media erasure had an environmental cost. Any storage device that failed our rigorous verification process was physically destroyed. This resulted in the destruction of a significant number of devices each year.
Cryptographic erasure allows us to move towards a more sustainable, circular economy. By eliminating the need to physically destroy drives, we can reuse more of our hardware. This also allows us to recover valuable rare earth materials, such as neodymium magnets, from end-of-life media. This innovative magnet recovery process is a major accomplishment in sustainable manufacturing, showcasing our commitment to responsible growth.
Our path forward
We have consistently been strong advocates for doing what is truly right for our users, the broader industry, and the world at large. This transition to cryptographic erasure is a direct reflection of that commitment. It allows us to enhance security, align with the highest industry standards, and build a more sustainable future for our infrastructure. We believe this is the right path forward for our users, the industry, and the environment.
For more information about encryption at rest, including encryption key management, see our default encryption at rest security whitepaper.