Access Transparency

Expand visibility and control over your cloud provider with near real-time logs and approval controls.

View documentation for this product.

Description of what the video is about.

Expand visibility and control over your cloud provider

Access Transparency gives you near real-time logs when Google Cloud administrators access your content. Cloud Audit Logs already provide visibility into the actions of your own administrators. However, this audit trail typically stops once your cloud provider’s support or engineering team is engaged. For example, prior to Access Transparency logging, if you opened a ticket with Google support that would require data access, it would not have been reflected in a Cloud Audit Log. Access Transparency closes that gap, capturing near real-time* logs of manual, targeted accesses by either support or engineering.

At Google Cloud, we do not access customer data for any reason other than those necessary to fulfill our contractual obligations to you. Technical controls require valid business justifications for any access by support or engineering personnel to your content. Google also performs regular audits of accesses by administrators as a check on the effectiveness of our controls.

*Note: Some storage level accesses will be delayed and not appear in near real time.

Move to the cloud with confidence logo

Move to the cloud with confidence

Inability to audit cloud provider accesses can be a barrier to moving to the cloud. Without visibility into the actions of cloud provider administrators, traditional security processes cannot be replicated. Access Transparency enables that verification, bringing your audit controls closer to what you can expect on-premises. Using the Access Approval feature, you can increase your level of control by requiring explicit approvals before accessing your data or configurations on Google Cloud, unless those accesses are required by law or necessary to resolve a current outage or security incident.

Approve access by Google Cloud support engineers

Having dedicated experts to manage infrastructure is a key benefit of operating in the cloud, but it requires trust that cloud providers are living up to their commitments around data access. Access Approval lets you approve or dismiss requests for access by Google employees working to support your service. Access Approval controls govern access by all of our employees who might support your service, not just select groups.

Extend your security automation to a deeper layer logo

Extend your security automation to a deeper layer

Your existing security automation pipeline may already utilize Cloud Logging to automate security checks and verify that your controls are working as intended. Access Transparency logs are also available through Cloud Logging, and can be integrated directly into any existing analysis pipelines or tool exports you have already set up.

Get the data you need logo

Get the data you need

Whether for regulatory, audit, or archival purposes, there may be reasons why you need logs of accesses to your content. Access Transparency creates logs to help you meet those obligations, showing extensive information such as accessor location, access justification, and the action taken on a specific resource.

Features

Access approval

Explicitly approve access to your data or configurations on Google Cloud. Access Approval requests, when combined with Access Transparency logs, can be used to audit an end-to-end chain from support ticket to access request to approval, to eventual access.

Access justifications

View the reason for each access, including references to specific support tickets where relevant.

Resource and method identification

Identify the exact resources accessed by administrators and the methods run.

Cloud Logging integration

Integrate seamlessly into your existing Cloud Logging configuration.

Accessor location

View the country in which the administrator performing the action was based.

Data protection controls

Take advantage of Google’s data-protection controls designed to limit support and engineering’s ability to access your data unless necessary.

Near real-time publication

Retrieve logs in near real time.

Take the next step

Get $300 in free credits to learn and build on Google Cloud for up to 12 months.

Need help getting started?
Work with a trusted partner
Continue browsing