
Encryption at Rest - Google Cloud

Google Cloud Platform offers three options for encryption at rest: 1) Encryption by default, where data is encrypted prior to being written to disk and each encryption key is itself encrypted. 2) Customer-managed encryption keys using Cloud KMS, where users can create, rotate, and destroy symmetric encryption keys that are kept in the cloud. 3) Customer-supplied encryption keys, where users can provide their own encryption keys that are kept on-premises and used to encrypt cloud services, with Google using the key in memory only.

Uploaded by

Raj

3/30/2021 Encryption at Rest | Google Cloud

https://cloud.google.com/security/encryption-at-rest/

Encryption at rest options

Solution: Encryption by default
Description: Enjoy world-class encryption without further need for configurations
- Data is automatically encrypted prior to being written to disk
- Each encryption key is itself encrypted with a set of master keys
- Keys and encryption policies are managed the same way, in the same keystore, as for Google’s production services
Learn more about default encryption in our whitepaper
Google Cloud Platform availability: Data at rest is encrypted by default in all Google Cloud Platform products. Read about the granularity of encryption by product
Data users typically choose to protect this way: Most data

Solution: Customer-managed encryption keys (CMEK) using Cloud KMS
Description: Keep keys in the cloud, for direct use by cloud services
- Manage your keys in a cloud-hosted solution
- You can create, rotate, automatically rotate and destroy symmetric encryption keys
Google Cloud Platform availability: AI Platform Training, BigQuery, Cloud Build, Cloud Dataproc, Container Registry, Cloud SQL, Cloud Storage, Compute Engine, Kubernetes Engine, Cloud Logging, Pub/Sub
You can use keys in Cloud KMS for application-layer encryption in any Google Cloud Platform product
Data users typically choose to protect this way: Sensitive data where you have a requirement to manage your own encryption key

Solution: Customer-supplied encryption keys (CSEK)
Description: Keep keys on-premises, and use them to encrypt your cloud services
- Use your own encryption keys as part of services on Google Cloud Platform
- Google uses the key in memory and does not write it to storage
- You provide the keys as part of API service calls
Learn more about how CSEK are protected
Google Cloud Platform availability: Cloud Storage, Compute Engine
Data users typically choose to protect this way: Sensitive data where you have a requirement to generate your own encryption key or manage it on-premises
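
The CSEK entry says the key is provided as part of API service calls. As an added example (not part of the original page and not Google's code), the sketch below builds the three request headers that the Cloud Storage API documents for a customer-supplied key, plus a log-safe copy of them, since the raw key travels in every request. The function names are hypothetical and the key is generated locally for illustration.

```python
import base64
import hashlib
import hmac
import secrets

KEY_LEN = 32  # a CSEK for Cloud Storage is a 256-bit AES key


def generate_csek() -> bytes:
    """Create the key locally; the service does not store it, so the caller must."""
    return secrets.token_bytes(KEY_LEN)


def key_sha256_b64(raw_key: bytes) -> str:
    """Base64 of the SHA-256 digest of the raw key bytes (not of the base64 text)."""
    return base64.b64encode(hashlib.sha256(raw_key).digest()).decode("ascii")


def csek_headers(raw_key: bytes) -> dict:
    """Headers sent with each request that reads or writes a CSEK-protected object."""
    if len(raw_key) != KEY_LEN:
        raise ValueError("CSEK must be exactly 32 bytes")
    return {
        "x-goog-encryption-algorithm": "AES256",
        "x-goog-encryption-key": base64.b64encode(raw_key).decode("ascii"),
        "x-goog-encryption-key-sha256": key_sha256_b64(raw_key),
    }


def log_safe(headers: dict) -> dict:
    """Copy for client-side logs: the key is redacted, the hash stays as an identifier."""
    return {k: ("[REDACTED]" if k.lower() == "x-goog-encryption-key" else v)
            for k, v in headers.items()}


def key_matches(raw_key: bytes, recorded_sha256_b64: str) -> bool:
    """Check a locally held key against a hash recorded for an object."""
    return hmac.compare_digest(key_sha256_b64(raw_key), recorded_sha256_b64)


if __name__ == "__main__":
    key = generate_csek()  # constructed sample key, never reuse a printed one
    hdrs = csek_headers(key)
    print(log_safe(hdrs))
    print(key_matches(key, hdrs["x-goog-encryption-key-sha256"]))
```

Because the hash header identifies the key without revealing it, it is the value to record in inventories and logs when tracking which on-premises key protects which object.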
