Use third-party keys in the cloud with Cloud External Key Manager, now beta

At Google Cloud Next UK last month, we announced the alpha version of Google Cloud’s External Key Manager (Cloud EKM). Today, Cloud EKM is available in beta, so we wanted to provide a deeper look at what Cloud EKM is and how it can be valuable for your organization. 

In a first for any public cloud, Cloud EKM will let you achieve full separation between your data and your encryption keys. At its heart, Cloud EKM lets you protect data at rest in BigQuery and Compute Engine using encryption keys that are stored and managed in a third-party key management system that’s deployed outside Google’s infrastructure.

Cloud EKM.png
Cloud EKM provides the bridge between Cloud KMS and an external key manager.

This approach offers several unique security benefits: 

  • Maintain key provenance over your third-party keys. You have strict control over the creation, location, and distribution of your keys.  

  • Full control over who accesses your keys. Because keys are always stored outside Google Cloud, you can enforce that access to data at rest for BigQuery and Compute Engine requires an external key. 

  • Centralized key management. Use one key manager for both on-premises and cloud-based keys, ensuring a single policy point and allowing enterprises to easily take advantage of hybrid deployments. 

To make Cloud EKM easy to implement, we are working with five industry-leading key management vendors: Equinix, Fortanix, Ionic, Thales, and Unbound. (The Ionic and Fortanix integrations are ready today; Equinix, Thales, and Unbound are coming soon.) Check out the videos below to learn more.

Equinix and Cloud EKM

In collaboration with Equinix, Google Cloud brings customers the next level of control for their cloud environments with External Key Manager. Check out the video to learn more.

Fortanix and Cloud EKM

In collaboration with Fortanix, Google Cloud brings customers the next level of control for their cloud environments with External Key Manager. Check out the video to learn more.

Ionic and Cloud EKM

In collaboration with Ionic, Google Cloud brings customers the next level of control for their cloud environments with External Key Manager. Check out the video to learn more.

Thales and Cloud EKM

In collaboration with Thales, Google Cloud brings customers the next level of control for their cloud environments with External Key Manager. Watch the video to learn more.

Unbound and Cloud EKM

In collaboration with Unbound, Google Cloud brings customers the next level of control for their cloud environments with External Key Manager. Check out the video to learn more.

For more information on Cloud EKM, including how to get started, check out the documentation.