This page describes Access Transparency and answers some frequently asked questions.
Overview
Security, transparency, and data protection are at the core of how Google designs and builds its products. All customers of Google Cloud own their data and have complete control on how it is used. Google Cloud Trust Principles summarize Google's commitment to protecting the privacy of customer content that is stored in Google Cloud.
Access Transparency is a part of Google's long-term commitment to transparency and user trust. Access Transparency logs record the actions that Google personnel take when accessing customer content.
Access Transparency logs give you different information than Cloud Audit Logs. Cloud Audit Logs record the actions that members of your Google Cloud organization have taken in your Google Cloud resources, whereas Access Transparency logs record the actions taken by Google personnel.
Access Transparency log entries include details such as the affected resource and action, the time of the action, the reason for the action, and information about the accessor.
When to use Access Transparency
You might need Access Transparency logs for the following reasons:
- Verifying that Google personnel are accessing your content only for valid business reasons, such as fixing an outage or attending to your support requests.
- Verifying that Google personnel haven't made an error while carrying out your instructions.
- Verifying and tracking compliance with legal or regulatory obligations.
- Collecting and analyzing tracked access events through an automated security information and event management (SIEM) tool.
Google services producing Access Transparency logs
For the list of Google services that provide Access Transparency logs, see Google services with Access Transparency logs.
When can Google personnel access customer content?
Google personnel are strictly restricted in what is visible to them. All accesses to customer content require a valid justification. See Justification reason codes for the list of valid business justifications.
How does Google train its employees on the confidentiality of customer content?
All Google employees are required to execute a confidentiality agreement and comply with Google's Code of Conduct. For more information on employee onboarding, and security and privacy training, see the Google security whitepaper.
How does Google handle government requests for customer content?
If Google receives a government request for customer content, it is Google's policy to direct the government to request such data directly from the Google Cloud customer. For more information, see Google Cloud Government Requests whitepaper.
What's next
- To understand the contents of Access Transparency log entries, see Understanding and using Access Transparency logs.
- For information on Google Cloud's privileged access principles, see Privileged access.
- For more information on the controls Google has put in place for protecting customer content, see the Google security whitepaper.
Try it for yourself
If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
Get started for free