GCP data security and governance

Google Cloud Platform (GCP) offers industry-leading tools and technology to efficiently protect and govern your data throughout its lifecycle. We work hard to protect the privacy of your data, meet global security standards that support compliance, and provide tools to help with regulations such as GDPR, so you can have the peace of mind that your data is protected.

Principles and best practices for data governance in the cloud


Built-in data protection at scale

GCP offers built-in data protection at scale to help protect your business from intrusions, theft, and attacks. Our multilayered security approach across hardware, services, user identity, storage, internet communication, and operations provides redundancy and reliability, while our purpose-built chips, servers, storage, network, and data centers protect against hardware-level intrusion.

Data is automatically encrypted while in transit and at rest, and can only be accessed by the authorized roles and services with audited access to the encryption keys. Within GCP, data is also automatically replicated and encrypted for backup and disaster recovery. When data is ready to be deleted, it is first marked as "scheduled for deletion," and then it is removed in accordance with service-specific policies.

Technology and tools

Google Cloud offers a breadth of products and technologies designed to protect your data throughout its lifecycle.

Data lifecycle management

Encryption by default in transit and at rest: Encryption protects your data from system compromise or data exfiltration while in transit or at rest.
Cloud Key Management System (KMS): Manage cryptographic keys for your cloud services the same way you do on-premises.
Cloud HSM: Protect cryptographic keys in a fully managed cloud-hosted HSM service.
Cloud Data Loss Prevention (DLP): Fast, scalable de-identification for sensitive data like credit card numbers, names, social security numbers, and more.
VPC Service Controls: Define a security perimeter around GCP resources to constrain data within a VPC and help mitigate data exfiltration risks.
Backup and recovery: In storage, encryption at rest protects data on backup media. Data is also replicated in encrypted form for backup and disaster recovery.
Deletion of data: GCP is engineered to achieve a more secure and effective data deletion process in accordance with service-specific policies.

Governance, risk, and compliance

Cloud Data Catalog: Fully managed and scalable metadata management service that empowers you to quickly discover, manage, and understand your data.
Google Cloud Trust Principles: Our commitment to our shared responsibility for protecting and managing your data in the cloud.
Third-party audits and certifications: Third-party verification of security, privacy, and compliance controls, certifications, and attestations against global standards.

Identity and access management

Cloud Identity and Access Management (IAM): Fine-grained access control and visibility for centrally managing cloud resources.
Cloud Identity-Aware Proxy (IAP): A building block toward BeyondCorp, which enables every employee to work from untrusted networks without the use of a VPN.

GCP's infrastructure security

Defense in depth: Our cloud infrastructure is designed in progressive layers that deliver true defense in depth.
Custom hardware: Purpose-built chips, servers, storage, network, and data centers, which protect against hardware-level intrusion.

Security monitoring and operations

Stackdriver Logging: Real-time log management and analysis for applications running on GCP and AWS.
Cloud Audit Logging: Maintains three audit logs for each project, folder, and organization: Admin Activity, System Events, and Data Access.
Cloud Security Command Center: View and monitor an inventory of your cloud assets and detect common web vulnerabilities, all from a single, centralized dashboard.
Access Transparency: Expand your visibility over your cloud provider through near real-time logs.
