Source: Key Access Justifications: a new level of control and visibility from Google Cloud
As enterprises move to and operate in the cloud, they want to control when and how their data is accessed. At Google Cloud, we believe that customers should have the strongest levels of control over data stored in the cloud in addition to the highest levels of security. While there has always been strong demand for control, the technical capabilities to provide it in a meaningful way are extremely challenging to build without making unacceptable tradeoffs in service functionality.
We have made significant progress on this front and want to share more about it with you. Today we’re excited to announce Key Access Justifications, a new capability that works with our External Key Manager to allow our customers to be the ultimate arbiters of access to their data on Google Cloud Platform (GCP).
To bring this capability to the market, we had to address a number of challenging problems and architect our systems so we can deliver granular control, while still retaining much of the flexibility and functionality that you look for when moving to the cloud.
Using Key Access Justifications together with our newly announced External Key Manager product, you’ll receive:
We chose these features because we want you to have visibility into requests for access to your data, understand the reasons for those requests, and be able to selectively permit or deny them. We believe we have attained this through the combination of our Customer Managed Encryption Key, External Key Manager, and Key Access Justifications products. For customers to have confidence in this product and similar solutions, we believe that:
We believe that External Key Manager together with Key Access Justifications is the first cloud solution that delivers on these requirements, making customers the ultimate arbiter of access to their data.
Key Access Justifications is coming soon to BigQuery and Google Compute Engine/Persistent Disk, and covers the transition from data-at-rest to data-in-use in these services. This product will be available to a select number of External Key Manager enterprise customers. A detailed blog post about External Key Manager is also coming soon. If you are interested in becoming a potential early adopter, enter your information into this form.