Should you store your data in the cloud?
Is my data safe in the cloud?
GCP Comics #1: Google Cloud & Privacy (Cloud Security)
People often ask: what happens to my data in the cloud? Is it safe and secure? Who has access?
If you are looking for answers to these questions, then you clicked on the right link 😃 In this first season of GCP Comics we will learn Google Cloud Security concepts and have lots of fun along the way.
Here you go! Read on and please share your thoughts in the comments below.
Security requires deep expertise and plentiful dedicated resources to achieve, mainly because it is a multidimensional issue comprising physical (data center) security, platform and network security, proactive threat detection, audits and compliance with industry-specific certifications such as HIPAA and PCI. But the first and most important step in any security conversation is trust.
We know that trust is created through transparency. For this reason, Google Cloud has created trust principles that clarify its commitment to protecting the privacy of customers' data.
Google Cloud trust principles:
1. Your data belongs to you and no one else
- Your data is processed according to your instructions.
- You can access it or take it out at any time.
- You are notified if a breach is detected that compromises your data.
- You have access controls to safeguard who has access to the data within and outside your organization.
- You have access to audit reports that keep track of all changes made and who touched what in your projects.
- You have Access Transparency logs, which expand visibility and control over your cloud provider with near real-time logs and approval controls.
2. Google Cloud does not sell customer data to third parties. Nor is it used in advertising.
3. Your data is encrypted in transit and at rest at all times, automatically. You do not have to ask for it or enable it; this happens by default.
And, if you want, you can apply additional encryption by bringing your own encryption keys. These are the two ways:
- Use Customer Managed Encryption Keys (CMEK), where you use Google's Key Management Service to manage the keys in the cloud.
- Use Customer Supplied Encryption Keys (CSEK), where you manage your keys on-premises. When using CSEK, be aware that if the key is lost, Google won't be able to help you recover the data, because Google holds no copy of the key for this data.
4. Know where your data is stored and rely on it being available when you need it.
The locations of Google data centers are published, and they are highly available, resilient and secure. You can rely on your data being available when you request it. You also have control over which locations your data is stored in, depending on the service you use. You can choose to store data closer to your users, your apps or both.
5. There are explicit rules to guard against insider access to your data and no “backdoor” to Google.
Invalid government requests are rejected, and a transparency report is published for those requests.
6. The privacy practices are audited against international standards.
This means you can choose to store your data within Google Cloud anywhere in the world without having to worry about the standards met for that specific location.
Protection and Control
Google Cloud provides you with the right tools to control access to the data and choose who has access to what parts of your data.
Dedicated Privacy Team
The privacy team is equally involved in the launch of each product and the documentation, to make sure all the privacy requirements and standards are met.
Resources
To learn more about privacy on Google Cloud, check out this link.