Identity & Security

Key Access Justifications: a new level of control and visibility

Security_BlogHeader_B.jpg

Editor’s note: The following post was updated on 1/08/20 to provide additional clarity on Cloud External Key Manager and Key Access Justifications.

As enterprises move to the cloud, they want to control when and how their data is accessed. At Google Cloud, we believe that customers should have the strongest levels of control over data stored in the cloud in addition to the highest levels of security. 

This is why we are excited to announce the forthcoming alpha availability of Key Access Justifications, a new product that works together with our Cloud External Key Manager to greatly advance the control that GCP customers have over their data. Key Access Justifications is a new capability that gives customers a justification every time their externally hosted keys are used to decrypt data.

Together, these products allow customers to be the ultimate arbiters of access to their data on Google Cloud Platform (GCP). 

Using Key Access Justifications together with Cloud External Key Manager, customers will receive:

  • Visibility into every request for an encryption key that permits data to change state from at-rest to in-use, with a justification for that request

  • A mechanism to explicitly approve or deny decryption using the key in the context of that request, using an automated policy that they set (via third-party functionality)

  • A commitment from Google Cloud to protect the integrity of our controls and the justifications

What this means is that there is no way for Google to decrypt customer data-at-rest without customer approval, which our customers can withhold for any reason. This is because:

  • Data is always encrypted-at-rest

  • Encryption keys needed to decrypt the data are stored and managed outside of Google’s technical infrastructure 

  • Decrypting customer data requires a call outside of Google to the customer’s externally-managed key

  • Customers can expect every request to come with a justification, and block requests automatically for any reason they don’t like

  • Reasons for key requests are detailed so that customers can understand what is happening to their data

  • The overall solution comes with an integrity commitment that gives customers confidence in the controls working as described

We believe that Cloud External Key Manager together with Key Access Justifications is the first cloud solution that delivers on these requirements, providing a level of control in cloud not offered by other providers.

Cloud External Key Manager is now available in Beta and integrated with key management providers Equinix, Fortanix, Ionic, Thales and Unbound. Key Access Justifications is coming soon to BigQuery and Google Compute Engine/Persistent Disk, and covers the transition from data-at-rest to data-in-use in these services. Key Access Justifications will be available to a select number of Cloud External Key Manager enterprise customers. If you are interested in becoming a potential early adopter of Key Access Justifications, enter your information into this form. Otherwise, to start using Cloud External Key Manager without Key Access Justifications, please visit the website to find out more.