The power of choice: Simplifying your regulatory and compliance journey
Archana Ramamoorthy
Senior Director Product Management, Google Cloud
Matt Garr
Group Product Manager, Google Cloud
At Google Cloud, we understand you have a diverse set of regulatory, compliance, and sovereignty needs. We strive to provide you with the controls you need and the flexibility to meet your requirements. We offer a range of customizable control packages, so you can choose the level of control that best aligns with your risk tolerance and compliance needs. This flexibility allows you to tailor your approach with minimal tradeoffs. Additionally, we work closely with local partners in select countries to offer Sovereign Controls by Partners to address regional requirements.
At Google Cloud Next, we announced several significant enhancements to further expand your power of choice. These include new Regional Controls and Sovereign Controls by Partners packages, new controls and audit enhancements, and a simplified compliance configuration and management experience for new workloads. These enhancements give you even more options to meet your requirements, at lower cost, and with increased ease of use.
Launch of Regional Controls
Regional Controls, now in preview, expands Assured Workloads control package availability to 32 regions across 14 countries. Regional Controls includes foundational controls such as data residency (at-rest and during processing) and administrative Access Transparency, at no additional cost. With these updates, controls provided through Assured Workloads are now more accessible than ever to a wider range of Google Cloud customers.
Sovereign Controls by Partners
We are also expanding our Sovereign Controls by Partners offering with the preview of Sovereign Controls by PSN in Italy and Sovereign Controls by SIA/Minsait in Spain. These local partners, as with T-Systems in Germany and S3NS in France, can provide additional layers of control including local support personnel, managed External Key Management (EKM) with Key Access Justifications (KAJ), and additional oversight options. EKM with KAJ provides strong control over your data. Since keys are stored outside of Google's infrastructure, you or your local partner have the power to directly approve or deny any access requests.
You can read more about how partnerships like these have met the specific demands of our European customers and have helped to propel their businesses forward.
Expanding compliance controls and audit capabilities
We also continue to expand the compliance controls and audit capabilities available to Google Cloud customers.
We are thrilled to announce that we now offer data residency core processing commitments to customers using Assured Workloads. This is a major milestone towards additional data residency guarantees, which makes it possible for enterprise and public sector customers to deploy regulated workloads and help keep their data within the country while it is processed by the service.
To help customers simplify their compliance audit process, our new Audit Manager can help automate control verification with proof of compliance for your workloads and data on Google Cloud. The compliance assessments and proof can help reduce the time and effort required in costly audit processes. Additionally, the available responsibility matrices clarify the shared responsibility between you and Google Cloud, and help you set the right configurations.
Organizations that need to process sensitive data in the cloud with strong guarantees around confidentiality can continue to use our Confidential Computing portfolio. We offer support for Confidential VMs, Containers, and your entire data processing pipeline, as well as ubiquitous data encryption, which can provide additional security and peace of mind about the encryption and protection of your data.
Simplifying the onboarding experience
We’ve worked to make it easier to configure workload controls by default and migrate workloads that were not initially set up in Assured Workloads to a controlled environment. A new onboarding flow is now directly integrated into the Cloud Resource Manager (CRM). When setting up a Google Cloud folder from the CRM, simply choose 'Assured Workloads Folder' to automatically apply a chosen set of Regional, Sovereign, or Compliance controls to resources in that folder.
The new “Learn More” panel provides contextual information to help understand Assured Workloads capabilities during the folder creation process, and it can help you make an informed decision as to the right control package for your specific needs. We’ve also streamlined and simplified the setup flow to help you save time.
Getting started
You can take advantage of our free trial program to check out our premium compliance offerings at no additional cost for a limited time.
If you’re looking to migrate existing Google Cloud workloads into an Assured Workloads controlled environment, we have an Analyze Move API that can assist you by pointing out any incompatibilities in moving your current projects into your chosen Assured Workloads program.
And if you’re not sure where to start your sovereignty journey, you can use our free interactive Digital Sovereignty Explorer to get personalized recommendations on potential cloud controls and other Google Sovereign Cloud solutions based on your unique requirements.