by woliveirajr 3435 days ago
> Disks get the following treatment:

> “We enable hardware encryption support in our hard drives and SSDs and meticulously track each drive through its lifecycle. Before a decommissioned encrypted storage device can physically leave our custody, it is cleaned using a multi-step process that includes two independent verifications. Devices that do not pass this wiping procedure are physically destroyed (e.g. shredded) on-premise.”

Interesting. There were discussions in the past on how to clean an HDD, and whether multiple passes were really necessary or not.

Then SSDs became the problem, since there is an interface between what you see (from the OS) and where the data really is (inside those chips). Now Google not only encrypts data before saving (that should be enough, no?) but also tries to wipe using multiple passes and two verifications.

Wonder how many companies do that.

7 comments

If you use on-board crypto on most SSDs, there's a dedicated place for key storage and using the SSD's onboard wipe feature just changes the key and TRIMs the whole drive.

Most of these drives use cryptographic keys even if you don't use a password on the device. Think about it as an SSD manufacturer - what's the easiest way to wipe a drive? To actually go and zero out every cell on the disk or to overwrite a very small cryptographic key with a new one - effectively destroying the data without the need for any other write cycles to occur.

Pretty easy to verify - if you have an SSD with support for this, which most do now.

> Think about it as an SSD manufacturer - what's the easiest way to wipe a drive?

That's not the reason why encryption is always on. Flash endurance is; encrypting the data before FEC means that it will have a random distribution, which avoids pathological worst cases with certain workloads. You could also use a different (cheaper) scrambler than AES (like CPUs do [1]), but since encryption is a marketable feature...

[1] Which are also switching to using AES and offering memory encryption in current mainstream architectures.
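To make the two points above concrete (the key-rotation "wipe" from the first comment, and the always-on scrambling-for-endurance argument from the reply), here is an added toy model of a self-encrypting drive. It is illustration code written for this thread, not Google's, any vendor's, or the Opal specification's code. Real SEDs use AES-XTS in the controller; to stay dependency-free this model derives its keystream from HMAC-SHA256 in counter mode, and the class name `ToySED`, the `crypto_erase`/`trim_all` methods and the `verify_wiped` check are assumptions of this example.

```python
"""Toy self-encrypting drive (SED): crypto-erase and wipe verification.

Added illustration for this thread, not code from any vendor or from Google.
Real SEDs encrypt with AES-XTS inside the controller; here a keystream is
derived with HMAC-SHA256 in counter mode so the script runs with the
standard library alone. The mechanism it shows is the real one:
  * every sector is encrypted under a media encryption key (MEK) even when
    the user never set a password;
  * "secure erase" replaces the MEK, so the ciphertext already on flash is
    unreadable without spending a single extra write cycle;
  * scrambled data has ~50% set bits regardless of workload, which is the
    flash-endurance reason the reply gives for always-on encryption;
  * a verification pass checks both the logical view and the raw flash,
    which is what an independent post-wipe check looks like.
"""
import hashlib
import hmac
import secrets

SECTOR = 512


class ToySED:
    def __init__(self):
        self.mek = secrets.token_bytes(32)  # media encryption key, set at manufacture
        self.flash = {}  # lba -> ciphertext: what a chip-off reader would see

    def _keystream(self, key, lba, nbytes):
        # PRF in counter mode; a stand-in for the controller's AES-XTS
        out = b""
        ctr = 0
        while len(out) < nbytes:
            msg = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
            out += hmac.new(key, msg, hashlib.sha256).digest()
            ctr += 1
        return out[:nbytes]

    def write(self, lba, data):
        assert len(data) == SECTOR
        ks = self._keystream(self.mek, lba, SECTOR)
        self.flash[lba] = bytes(a ^ b for a, b in zip(data, ks))

    def read(self, lba):
        ct = self.flash.get(lba)
        if ct is None:
            return bytes(SECTOR)  # unmapped (TRIMmed) sector reads back as zeros
        ks = self._keystream(self.mek, lba, SECTOR)
        return bytes(a ^ b for a, b in zip(ct, ks))

    def crypto_erase(self):
        """Rotate the MEK; the flash contents stay put but no longer decrypt."""
        self.mek = secrets.token_bytes(32)

    def trim_all(self):
        """Drop the LBA -> flash mapping, as a whole-drive TRIM does."""
        self.flash.clear()


def bit_balance(buf):
    """Fraction of set bits: ~0.5 for scrambled data, far from it for typical files."""
    ones = sum(bin(b).count("1") for b in buf)
    return ones / (8 * len(buf))


def verify_wiped(drive, lbas, known_plaintext):
    """Independent check after a wipe: the sampled sectors must not decrypt
    to the known content, and the raw flash must not hold it in the clear."""
    for lba in lbas:
        if drive.read(lba) == known_plaintext:
            return False
        if drive.flash.get(lba) == known_plaintext:
            return False
    return True


def demo():
    drive = ToySED()
    # Constructed sample sector: a short label padded with zeros, the kind of
    # mostly-zero workload the reply calls a pathological case for raw flash.
    plain = b"ACME secret formula #7".ljust(SECTOR, b"\0")
    lbas = [0, 1, 1000, 2**20]
    for lba in lbas:
        drive.write(lba, plain)
    readback_ok = all(drive.read(lba) == plain for lba in lbas)
    ciphertext_before = drive.flash[0]
    drive.crypto_erase()
    ciphertext_after = drive.flash[0]
    erase_unreadable = drive.read(0) != plain
    verified = verify_wiped(drive, lbas, plain)
    drive.trim_all()
    trim_zeros = drive.read(0) == bytes(SECTOR)
    return {
        "readback_ok": readback_ok,
        "plain_balance": bit_balance(plain),
        "flash_balance": bit_balance(ciphertext_before),
        "ciphertext_untouched": ciphertext_before == ciphertext_after,
        "erase_unreadable": erase_unreadable,
        "verified": verified,
        "trim_zeros": trim_zeros,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that `ciphertext_untouched` stays true after the erase: that is the whole point the first comment makes, a wipe that costs no write cycles. On real hardware the equivalent of `crypto_erase` is the ATA Security Erase command (`hdparm --security-erase`) or NVMe Format with the crypto-erase setting (`nvme format --ses=2` in nvme-cli); a verification step like `verify_wiped` would read back a sample of LBAs after the command and, in a chip-off setting, confirm the NAND holds nothing but ciphertext.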

Ah, interesting. That's really cool. I guess it makes things easier for them and better for their customers in several ways at once.

'multi-step process' doesn't imply they are wiping more than once, only that their procedure consists of multiple steps (e.g. wipe + verification)

The article specifies two independent verifications.

I remember reading up on the BND (German Intelligence Agency) Guidelines on how they wipe their data.

They basically wipe the drive first and verify it appears to be wiped and then shred it. The highest level allows for only 0.5mm^2 sized particles with tolerance up to 1.5mm^2.

If data is encrypted, then in theory destroying the key should be sufficient given that the encryption is good (Chapoly or AES)

It also depends on how long you want the data to be safe. So if you are storing user data you probably don't want to release drives containing encrypted user data, as you don't know how long they wanted that data to remain secret for.

Imagine that your user was Coca-cola and they uploaded their recipe. They wouldn't be happy if in 100 years the encryption was cracked.

Far fetched, maybe slightly but a real consideration.

Well, yes, that's what you shred them for.

Check out "Opal" and "SED" https://en.m.wikipedia.org/wiki/Opal_Storage_Specification. Many (most?) drives support it these days. When I briefly looked a year or two ago basically all drives had the physical capability, but some firmwares didn't expose it to the user. As always key management is the hassle.

> *Devices that do not pass this wiping procedure are physically destroyed on-premise*

If you are going to go to that much effort why not physically destroy the drive anyway? You might still want to test them to flag up problems in your process, but if you have the facility locally why not use it for all drives instead of paying an external party to do some of them?

They don't say that the drives are all destroyed by the external parties. And even if they are, I could imagine that proper recycling is easier if you have the full drives and not a shredded mixture of all the materials in it.

Thought they'd shred all disks? This reads as most drives (all passing the test) are sold to others.

Would be interesting to know where you can buy old Google disks? Should be rather high volume.

They likely recycle the disks rather than sell them. I'd imagine that reclaiming the materials is cheaper with intact disks compared to shredding.

I guess at their scale and the business they're in, it's cheaper to dedicate a few engineer-hours/days/weeks to implement an overkill wiping procedure rather than arguing with potential customers that "no, it's not really feasible to extract usable data with an electron microscope despite what you have read on the interwebs". Or even worse, losing said customers if they're not persuaded by your arguments.