Client wants physical proof we destroyed their cloud data, but we are a multi-tenant SaaS. Is crypto shredding enough? Solved

Participant
Discussion
2 weeks ago Mar 10, 2026

We have a major enterprise client leaving our SaaS platform, and their legal team is demanding absolute proof that their data is permanently destroyed. We use AWS, so obviously I cannot just walk into a cloud data center and smash a hard drive. To make it harder, their data is sitting on the same storage drives as our other active customers, so I cannot just wipe the disks. 

Our lead architect casually mentioned we should just do crypto shredding to satisfy the legal requirement. I understand the basics of encryption, but how does simply deleting an encryption password actually prove to a lawyer that the data is gone forever? 

Replies (2)

Participant
1 week ago Mar 11, 2026

It is actually the standard solution for cloud environments exactly because of the problem you are facing. 

When data is encrypted properly, it is scrambled into complete gibberish. The encryption key is the only complex algorithm that can unscramble it. Crypto shredding simply means you securely and permanently destroy that specific key instead of trying to hunt down and overwrite every single piece of the client data across your shared servers. 

Once that key is gone, the data is computationally impossible to read ever again. Even if a hacker or the client got their hands on the raw files, it would take supercomputers millions of years to guess the key. Because of this, privacy laws like GDPR fully recognize crypto shredding as a valid, permanent data wipe. The leftover data is just useless digital noise. 

Participant
1 week ago Mar 12, 2026

@ryanmoore is spot on about the leftover data becoming useless noise, but there is a major catch when the auditors actually show up to verify it. The entire process hinges entirely on your key management. 

Crypto shredding only works if the key is truly gone. If your system automatically backed up that encryption key to a disaster recovery server, or if a developer saved a copy somewhere, you have not shredded anything. To satisfy the legal team of that client, you cannot just say the data is deleted. You need to hand them the automated system logs proving that their specific encryption key was permanently destroyed and that no secondary copies exist anywhere in your network. 

Also, a quick warning. This only works if you assigned this client their own unique encryption key from the start. If their data is encrypted using the same master key as your other active customers, you cannot shred it because deleting that key would instantly wipe out everyone else on the platform too! 

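Added example, not part of the thread or any participant's code: a check over key-management audit records for the two conditions raised in the second reply, a key unique to the client and logged destruction with no copy left elsewhere. It assumes AWS KMS with CloudTrail-style records, simplified here to flat fields; the key ids, tenants, timestamps and the function name `shred_findings` are constructed for illustration.

```python
# Constructed sample records, shaped like (simplified) CloudTrail events for
# AWS KMS. Key ids, tenants and timestamps are made up for this example.
EVENTS = [
    {"eventTime": "2026-03-01T09:00:00Z", "eventName": "ScheduleKeyDeletion", "keyId": "key-a"},
    {"eventTime": "2026-03-08T09:00:05Z", "eventName": "DeleteKey", "keyId": "key-a"},
    {"eventTime": "2026-03-01T09:00:00Z", "eventName": "ScheduleKeyDeletion", "keyId": "key-b"},
    {"eventTime": "2026-03-02T10:00:00Z", "eventName": "CancelKeyDeletion", "keyId": "key-b"},
    {"eventTime": "2025-01-15T08:00:00Z", "eventName": "ImportKeyMaterial", "keyId": "key-c"},
    {"eventTime": "2026-03-01T09:00:00Z", "eventName": "ScheduleKeyDeletion", "keyId": "key-c"},
    {"eventTime": "2026-03-08T09:00:05Z", "eventName": "DeleteKey", "keyId": "key-c"},
]
# Constructed inventory: which tenants have data encrypted under each key.
KEY_TENANTS = {
    "key-a": {"tenant-a"}, "key-b": {"tenant-b"}, "key-c": {"tenant-c"},
    "key-shared": {"tenant-d", "tenant-e"},
}


def shred_findings(key_id, tenant, events=EVENTS, key_tenants=KEY_TENANTS):
    """List the reasons the records do NOT prove the tenant's key is gone.

    An empty list means the records support the crypto-shredding claim.
    """
    findings = []
    # A key shared with other tenants cannot be destroyed for one of them.
    if key_tenants.get(key_id) != {tenant}:
        findings.append("key is not exclusive to this tenant")
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    history = sorted((e for e in events if e["keyId"] == key_id),
                     key=lambda e: e["eventTime"])
    names = [e["eventName"] for e in history]
    # Imported key material originated outside KMS, so the log alone cannot
    # show that the external copy was destroyed.
    if "ImportKeyMaterial" in names:
        findings.append("key material was imported: a copy may exist outside KMS")
    if "DeleteKey" not in names:
        pending = [n for n in names
                   if n in ("ScheduleKeyDeletion", "CancelKeyDeletion")]
        if pending and pending[-1] == "CancelKeyDeletion":
            findings.append("deletion was cancelled")
        findings.append("no DeleteKey event recorded")
    return findings


if __name__ == "__main__":
    for key, tenant in [("key-a", "tenant-a"), ("key-b", "tenant-b"),
                        ("key-c", "tenant-c"), ("key-shared", "tenant-d")]:
        print(key, tenant, shred_findings(key, tenant) or "evidence complete")
```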