Privileged access at Google Cloud
Google Cloud systems are built with a focus on protecting your content using controls and monitoring. Your content stored on Google Cloud completely belongs to you. Occasionally, Google personnel might need to access your content but these accesses are never without a valid business justification.
Why Google personnel request access to customer content
The most common reason why Google personnel request access to your content is to resolve a customer support ticket. If you create a customer support request, then a Google personnel might be required to request access to your content. Access Transparency exists to provide customers visibility into these accesses. But rest assured, the privacy of your content is secure regardless of whether you enable Access Transparency.
What is privileged access
Google personnel's access to your data to fulfill an obligation of providing a contracted service is called privileged access. Access to your data in Google Cloud is usually because of the following reasons:
- You are accessing your own data.
- A service you are using is accessing data on your behalf.
When requested to provide a contracted service, Google personnel acting as a privileged administrator can access your data.
Foundational principles of privileged access management
Google Cloud's privileged access management strategy strictly limits what a single Google staff member can view and do with your data. Google Cloud's privileged access philosophy is based on the following principles:
Least privilege: Access to customer data is denied by default for all Google personnel. When access is granted, it is temporary and no greater than what is absolutely necessary to provide the contracted service.
Limit singular access to data: Singularly accessing customer data without another individual involved is extremely difficult for any and every Google personnel.
All access must be justified: Google personnel by default don't have access to customer data. Google personnel can access your data only with a valid business justification. For the list of valid business justifications, see Justification reason codes.
Monitor and alerting: Monitoring and response processes exist to identify, triage, and remediate violations of these principles.
For more information about Google Cloud's privileged access philosophy, see the whitepaper on Privileged access management in Google Cloud.
Google Cloud products regularly undergo independent, third-party audits and certifications to verify that their data protection practices match their controls and commitments. For more information about how Google Cloud products provide customers with transparency and control over their content, see the whitepaper on Trusting your data with Google Cloud.
To know more about Google Cloud's commitment toward protecting the privacy of customer data, see Google Cloud and common privacy principles.
To learn about the core principles upon which controls that prevent unauthorized administrative access are based, see Overview of administrative access controls.
To see the list of business justifications for which Google personnel can request to access customer data, see Justification reason codes.