Key Access Justifications: a new level of control and visibility

As enterprises move to and operate in the cloud, they want to control when and how their data is accessed. At Google Cloud, we believe that customers should have the strongest levels of control over data stored in the cloud in addition to the highest levels of security. While there has always been strong demand for control, the technical capabilities to provide it in a meaningful way are extremely challenging to build without making unacceptable tradeoffs in service functionality. 

We have made significant progress on this front and want to share more about it with you. Today we’re excited to announce Key Access Justifications, a new capability that works with our External Key Manager to allow our customers to be the ultimate arbiters of access to their data on Google Cloud Platform (GCP). 

To bring this capability to the market, we had to address a number of challenging problems and architect our systems so we can deliver granular control, while still retaining much of the flexibility and functionality that you look for when moving to the cloud.

Using Key Access Justifications together with our newly announced External Key Manager product, you’ll receive:

  • Visibility into every request for an encryption key that permits data to change state from at-rest to in-use, with a justification for that request
  • A mechanism to explicitly approve or deny decryption using the key in the context of that request, using an automated policy that you set (via third-party functionality)
  • A commitment from Google Cloud to protect the integrity of our controls and the justifications

We chose these features because we want you to have visibility into requests for access to your data, understand the reasons for those requests, and be able to selectively permit or deny them. Google Cloud believes we have attained this through the combination of our Customer Managed Encryption Key, External Key Manager, and Key Access Justifications products. For customers to have confidence in this product and similar solutions, we believe that:

  • Data must be encrypted at rest
  • Customers must have a way to store and manage encryption keys outside of Google’s technical infrastructure 
  • Customers must own and hold the encryption keys needed to decrypt their data
  • Customers must be able to monitor when a request is made for a key needed to decrypt their data, review the reason for the request, and be able to make a choice about whether to provide access to the key or deny it 
  • Reasons for key requests must provide enough information so that customers can understand what is happening to their data
  • Customers must be confident in the integrity of the solution

We believe that External Key Manager together with Key Access Justifications is the first cloud solution that delivers on these requirements, making customers the ultimate arbiter of access to their data.

Key Access Justifications is coming soon to BigQuery and Google Compute Engine/Persistent Disk, and covers the transition from data-at-rest to data-in-use in these services. This product will be available to a select number of External Key Manager enterprise customers. A detailed blog post about External Key Manager is also coming soon. If you are interested in becoming a potential early adopter, enter your information into this form.