GCP data security and governance

Google Cloud Platform (GCP) offers best-in-class tools and technology to efficiently protect and govern your data throughout its lifecycle. We work hard to protect the privacy of your data, meet global security standards that support compliance, and provide tools to help with regulations such as GDPR, so you can have the peace of mind that your data is protected.

Built-in data protection at scale

GCP offers built-in data protection at scale to help protect your business from intrusions, theft, and attacks. Our multilayered security approach across hardware, services, user identity, storage, internet communication, and operations provides redundancy and reliability, while our purpose-built chips, servers, storage, network, and data centers protect against hardware-level intrusion.

Data is automatically encrypted while in transit and at rest, and can only be accessed by the authorized roles and services with audited access to the encryption keys. Within GCP, data is also automatically replicated and encrypted for backup and disaster recovery. When data is ready to be deleted, it is first marked as "scheduled for deletion," and then it is removed in accordance with service-specific policies.

Google Cloud Security: Our experts explain

Forrester Research names Google Cloud as a Leader in The Forrester Wave™: Public Cloud Platform Native Security, Q2 2018 report. Get your complimentary copy of the report.

Technology and tools

Google Cloud offers a breadth of products and technologies designed to protect your data throughout its lifecycle.

Data lifecycle management

Encryption by Default in Transit and at Rest
Encryption protects your data from system compromise or data exfiltration while in transit or at rest.
Cloud Key Management System (KMS)
Manage cryptographic keys for your cloud services the same way you do on-premises.
Cloud Hardware Security Module (HSM)
Protect cryptographic keys in a fully managed cloud-hosted HSM service.
Data Loss Prevention (DLP) API
Fast, scalable de-identification for sensitive data like credit card numbers, names, social security numbers, and more.
VPC Service Controls
Define a security perimeter around GCP resources to constrain data within a VPC and help mitigate data exfiltration risks.
Backup and Recovery
In storage, encryption at rest protects data on backup media. Data is also replicated in encrypted form for backup and disaster recovery.
Deletion of Data
GCP is engineered to achieve secure and effective data deletion in accordance with service-specific policies.
Data Loss Prevention (DLP) API
Automatically discover and redact sensitive data everywhere.

GCP's infrastructure security

Defense in Depth
Our cloud infrastructure is designed in progressive layers that deliver true defense in depth.
Custom Hardware
Purpose-built chips, servers, storage, network, and data centers, which protect against hardware-level intrusion.

Identity and access management

Cloud Identity and Access Management (IAM)
Fine-grained access control and visibility for centrally managing cloud resources.
Cloud Identity-Aware Proxy (IAP)
A building block toward BeyondCorp, which enables every employee to work from untrusted networks without the use of a VPN.
Cloud IAM
Enterprise-grade access control.

Governance, risk, and compliance

Google Cloud Trust Principles
Our commitment to our shared responsibility for protecting and managing your data in the cloud.
Third-party Audits and Certifications
Third-party verification of security, privacy, and compliance controls, certifications, and attestations against global standards.

Security monitoring and operations

Stackdriver Logging
Real-time log management and analysis for applications running on GCP and AWS.
Cloud Audit Logging
Maintains three audit logs for each project, folder, and organization: Admin Activity, System Events and Data Access.
Cloud Security Command Center
View and monitor an inventory of your cloud assets and detect common web vulnerabilities, all from a single, centralized dashboard.
Access Transparency
Expand your visibility over your cloud provider through near real-time logs.

More customers

Auka
Colorado Center for Personalized Medicine
Zulily
Evernote
Qubit
Tido/Physician Attendant

Resources

Security Partner Ecosystem

Google Cloud Security Whitepapers

Google Safety Center

Data deletion on Google Cloud Platform

Google Cloud Security and Compliance Whitepaper

Encryption at Rest in Google Cloud

Government Requests for Data

Data Incident Response

Google Cloud's Approach to Security

Protect your data and applications

Google Cloud Big Data Products

Google Cloud Big Data Solutions