informa
Quick Hits

Google Cloud Update Gives Users Greater Data Control

External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.

Google Cloud today debuted new capabilities, External Key Manager and Key Access Justifications, to give customers greater visibility into who requests access to their information and the reasoning behind these requests. They also have the ability to approve or deny them.

Google Cloud encrypts customer data-at-rest by default; users have several options to manage encryption keys. External Key Manager, coming soon in beta, is the next level of control. It works with Cloud KMS and lets users encrypt data in BigQuery and Compute Engine. Encryption keys are stored and managed in a third-party system outside Google. The idea is to let companies separate data and encryption keys while still using cloud compute and analytics.

Key Access Justifications is a new capability designed to work with External Key Manager. When an encryption key is requested to decrypt data, this tool provides visibility into the request and its justification, along with a mechanism to approve or deny the key in the context of that request, using an automated policy set by the administrator via third-party functionality.

This feature is coming soon to alpha for BigQuery and Compute Engine/Persistent Disk, and it covers the transition from data-at-rest to data-in-use, Google reports.

Read more details here and here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How Medical Device Vendors Hold Healthcare Security for Ransom."

Recommended Reading:

MODULE B: Latest content for DR

High-Profile Breaches Are Shifting Enterprise Security Strategy

Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.

Increased media attention is driving changes in enterprise security strategy -- some positive, some negative.


7 Smart Ways a Security Team Can Win Stakeholder Trust

By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.

By demonstrating the following behaviors, security teams can more effectively move their initiatives forward.



What Are Some Red Flags in a Vendor Security Assessment?

The last thing you want is a vendor that lies to you about its security practices.

The last thing you want is a vendor that lies to you about its security practices.


MacOS Security: What Security Teams Should Know

As more macOS patches emerge and cybercriminals and nation-states take aim at the platform, experts discuss how macOS security has evolved and how businesses can protect employees.

As more macOS patches emerge and cybercriminals and nation-states take aim at the platform, experts discuss how macOS security has evolved and how businesses can protect employees.


Loss of Intellectual Property, Customer Data Pose Greatest Business Risks

The slightly "good" news? Security professionals are a little less concerned about certain threats than last year, according to Dark Reading's "State of Incident Response 2021" report.

The slightly "good" news? Security professionals are a little less concerned about certain threats than last year, according to Dark Reading's "State of Incident Response 2021" report.


Name That Edge Toon: Mobile Monoliths

Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Oct 04, 2021


Why Windows Print Spooler Remains a Big Attack Target

Despite countless vulnerabilities and exploits, the legacy Windows printing process service continues to be an attack surface in constant need of repair and maintenance, security experts say.

Despite countless vulnerabilities and exploits, the legacy Windows printing process service continues to be an attack surface in constant need of repair and maintenance, security experts say.


10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage

Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations

Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations