IT workloads in Google Cloud can deliver both convenience and cost savings. However, you still need to follow security, privacy and compliance rules, as well as best practices for protecting data. Further, you need rapid data mobility across all clouds you currently use and those in your future, a need which can be compromised by cloud-vendor-specific encryption solutions. And Google, one of the few hyperscaler cloud service providers, qualifies as both an IaaS/PaaS and a SaaS provider through Google Apps. While Google Cloud encrypts all customer data at rest, Thales and Google have forged a relationship to help Google Cloud customers further protect their sensitive information.
Security Solutions for Google Cloud
How can you secure your data in Google Cloud?
To fulfill the shared responsibility model for cloud security, choose Bring Your Own Key (BYOK), Hold Your Own Key (HYOK), or mechanisms to discover sensitive data and Bring Your Own Encryption (BYOE). In addition, you need external policy-based access management with smart single sign on (SSO) and multifactor authentication (MFA).
External Key Management for Google Cloud – Bring Your Own Key (BYOK)/Hold Your Own Key (HYOK)
Thales supports both Customer-Managed Encryption Keys (CMEK) and External Key Management Services (EKMS) with CipherTrust Cloud Key Manager, a multi-cloud encryption key life cycle management solution from Thales TCT.
Bring Your Own Encryption for Google Cloud
Protect data with advanced encryption if you are either:
- 100% Google Cloud-based with stringent data security controls, OR
- Running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and in Google Cloud
What are the benefits of advanced encryption?
- Protecting data either transparently at the OS level or at the application layer strengthens data security against more threats, from ransomware and APTs to insider risks, and even protects data from Google’s access
- You gain data portability between clouds, even potentially without egress fees
Realize a fast return on investment with CipherTrust Transparent Encryption. Protect data without changes to applications, databases, infrastructure, or business practices. Google Storage solutions encrypt all data at rest but deliver data in the clear to operating systems. Most data thefts are due to compromises in the operating system, applications, or distracted users. OS-level controls combined with granular access policies give you the protection your sensitive data requires.
Cloud native applications might not have operating systems on which to run Transparent Encryption. Secure your data in cloud native applications with:
- CipherTrust Tokenization with Dynamic Data Masking, which integrates with cloud native apps using REST and makes it easy to add policy-based dynamic data masking
- CipherTrust Application Data Protection protects data within applications for the highest level of security
Discover Sensitive Data in Google Cloud
Locate regulated data with streamlined workflows that help eliminate security blind spots. Built-in discovery and classification templates offer a quick start with the flexibility needed to create new policies. With CipherTrust Data Discovery and Classification, detailed reports can demonstrate compliance with rules, regulations and laws.
High Assurance Root of Trust for Google Cloud
Secure and protect your data in Google Cloud with Thales TCT’s high assurance FIPS 140 Level 3-validated Hardware Security Modules (HSMs). Thales TCT’s Luna T-Series HSMs support the Google Customer-Supplied Encryption Keys (CSEK) and Google Cloud EKM service.
Policy-based Access Management for Google Cloud
Google recommends policy-based access management for Google Cloud. SafeNet Trusted Access (STA) is a cloud-based service that acts as the trusted identity provider for on-premises and cloud apps in Google Cloud, other public clouds, and private clouds. STA provides the ability to securely deploy an access management solution across an organization’s entire environment, across all operating systems and clouds. STA protects cloud resources at the login point by using authentication and conditional access, and enforcing policy-based access controls every time a user logs in to an app.
Two-Factor Authentication (2FA) Compliance
STA supports 2FA and can be configured to support multi-factor authentication (MFA) in Google Cloud to address compliance regulations for managing cloud resources.
Cloud Single Sign On and MFA
STA improves productivity for IT administrators and customers without decreasing security by providing support for Cloud Single Sign On (SSO) and MFA in Google Cloud.
Google Workspace Security
Enhance privacy and confidentiality using Google Workspace Client-side encryption and Thales Data and Identity Protection solutions.
Enhancing Key Management for Google Workspace
Google Workspace now provides enhanced privacy and confidentiality options for Gmail, Google Calendar, calls over Google Meet, and Google Drive with Client-side encryption – a solution that enables enterprise customers to have full control over their encryption keys using CipherTrust Cloud Key Manager and SafeNet Trusted Access in combination or independently. Adhering to a concept of ‘shared security’, Google recommends that customers use an external key manager (EKM) and Identity Provider (IDP) to ensure that only authorized and authenticated individuals can access protected information. Only Thales develops an independent IDP and key management solution.
Compliance mandates require logs of who has access, to which apps, and how their identity is verified
SafeNet Trusted Access (STA) is a cloud-based service that acts as the trusted identity provider (IDP) for Google Workspace and other third-party cloud and web-based apps. As an IDP, STA provides IT administrators with the ability to easily deploy an access management solution across their entire environment, including multiple clouds.
STA secures access to Google Workspace and authenticates user identities across:
- All operating systems
- On-premises and cloud apps
- Multi-cloud environments
In minutes, STA enables you to set policy-based access for SSO and 2FA/MFA for all your cloud and web apps.