Access Transparency logs now generally available for six GCP services
Public clouds allow you to run your business without needing to worry about the operational details of running a data center. However, operating in the cloud means that you share operational responsibility with a new set of administrators who are not your employees. Google’s engineers design, build, and operate the infrastructure that delivers the high reliability, high availability service that you expect from Google Cloud. Not surprisingly, customers often ask us questions like “Can Google access my data?” “When and why would this happen?” and “How can I gain oversight over your activity, like I do for my own admins on-prem?”
Google’s terms of service state we only ever access your data for reasons necessary to provide your service to you, but how can you verify that we are adhering to this claim? In March, we announced Access Transparency, a logs product that gives you visibility into manual, targeted access to your data. These logs provide visibility into access at every layer of the stack—not just when access happens through public APIs or high-level endpoints. These accesses almost always happen because of a support ticket you opened to investigate an issue.
This first-in-the-cloud service is now generally available for six Google Cloud Platform (GCP) services: Cloud Storage, Compute Engine, App Engine, Persistent Disk, Cloud IAM, and Cloud KMS. General availability brings improvements in log quality, as well as the ability to view the employing entity in addition to the location of the data accessors. You can view Access Transparency logs right alongside other critical information in Stackdriver Logging and export them into Cloud Storage, BigQuery and Cloud Pub/Sub for retention or further analysis.
Investing in visibility
Our discussions with customers revealed that lack of visibility into data access was a common challenge when working with cloud providers. In a survey by HyTrust, uncontrolled or unmonitored access to user data by administrators was one of the top two concerns organizations had in moving their data to the cloud. Most current cloud provider visibility offerings only show access via public APIs—records of administrator access via private APIs aren’t made available to customers, forcing them to trust that everything happening “behind the curtain” is exactly as the cloud provider says it is.
Access Transparency addresses this problem head-on. It required a huge investment on our part to create additional protection around the different pathways to access your data. Here is a sample of the capabilities that we built to deliver Access Transparency:
Binary Authorization technology checks that the system code accessing customer data originated from binaries that were checked into our source code repository and reviewed by a second party. A version of this technology is available for you to use on your own Kubernetes Engine deployments.
Mappings of customer data sources, from sources as sensitive as Cloud Storage buckets, to things as minor as the labels that you attach to your VMs.
Enhanced data protection controls that provide automated checking of business justifications. We integrated these mechanisms into the constellation of developer tools we use to build services at Google, all the way down to lower-level infrastructure accesses. This helps ensure that any access to customer data can be audited and traced end-to-end and justified with a business reason.
This investment into securing both system and manual accesses to your data, all the way down to the infrastructure level, is important to us. We are the only public cloud provider to make this type of logs available to you.
Access Transparency is available to Platinum and Gold customers, or their equivalents on Role-Based* or Enterprise Support packages. Platinum and Gold customers can now enable Access Transparency automatically in the Google Cloud Console with the press of a button. Of course, you can still contact sales or support to enable Access Transparency at any time if you are eligible.
Access Transparency builds on our long history of transparency offerings, dating back to our Transparency Report—the first report of its kind to publicly detail access requests for user data. We believe that transparency builds greater trust as well as stronger discipline in how we apply our controls internally. With the general availability of Access Transparency, we take another leap forward in transparency and we look forward to continuing to provide you more visibility and control in the future.
* Four or more roles.