1. Architecture

  • A Cloud Filestore instance consists of a single NFS fileshare with fixed export settings and default Unix permissions. 
  • Cloud Filestore automatically encrypts data before it travels outside of the instance to the underlying durable storage layer.
  • The durable storage behind each Filestore instance is encrypted with system-defined keys. 
  • Google distributes Filestore data across multiple physical disks in a manner that users do not control.
  • When a Filestore instance is deleted, Google discards the cipher keys, rendering the data irretrievable as per the description in Data deletion on Google Cloud Platform. 
  • Once the data is deleted, this process is irreversible.