Google Cloud today debuted two new capabilities, External Key Manager and Key Access Justifications, to give customers greater visibility into who requests access to their information and the reasoning behind these requests. Customers also have the ability to approve or deny those requests.
Google Cloud encrypts customer data-at-rest by default; users have several options to manage encryption keys. External Key Manager, coming soon in beta, is the next level of control. It works with Cloud KMS and lets users encrypt data in BigQuery and Compute Engine. Encryption keys are stored and managed in a third-party system outside Google. The idea is to let companies separate data and encryption keys while still using cloud compute and analytics.
Key Access Justifications is a new capability designed to work with External Key Manager. When an encryption key is requested to decrypt data, this tool provides visibility into the request and its justification, along with a mechanism to approve or deny the key in the context of that request, using an automated policy set by the administrator via third-party functionality.
This feature is coming soon to alpha for BigQuery and Compute Engine/Persistent Disk, and it covers the transition from data-at-rest to data-in-use, Google reports.