Built-in data protection at scale

Google Cloud offers built-in data protection at scale to help protect your business from intrusions, theft, and attacks. Our multilayered security approach across hardware, services, user identity, storage, internet communication, and operations provides redundancy and reliability, while our purpose-built chips, servers, storage, network, and data centers protect against hardware-level intrusion.

Data is automatically encrypted while in transit and at rest, and can only be accessed by the authorized roles and services with audited access to the encryption keys. Within Google Cloud, data is also automatically replicated and encrypted for backup and disaster recovery. When data is ready to be deleted, it is first marked as "scheduled for deletion," and then it is removed in accordance with service-specific policies.

Efficiently manage data

Google Cloud provides industry-leading tools and technology to efficiently manage data throughout its lifecycle. In order to properly govern your data, you need to know where it is. Cloud Data Loss Prevention automatically helps you discover, classify, and redact sensitive data like credit card numbers and social security numbers in Google Cloud, within other clouds, or from your on-premises environment, according to the data policies your organization has set up. Data Catalog provides a fully managed, metadata management service that empowers you to quickly discover, manage, and understand your data. Security Command Center helps you discover assets across App Engine, Compute Engine, Cloud Storage, and Cloud Datastore and view them in one place so you can better understand your risks before they result in business damage or loss. Identity and Access Management (IAM) provides fine-grained access control and visibility as well as a unified view into security policies across organizations so you can manage identity, access control, and auditing across your organization. Monitor log data and events from Google Cloud and AWS in real time using Cloud Logging as well as within your Google Cloud projects using Cloud Audit Logs.

Support compliance requirements

Our products regularly undergo independent third-party verification of security, privacy, and compliance controls. We're constantly working to meet the regulatory requirements that matter to you, such as the Health Insurance Portability and Accountability Act (HIPAA), FIPS 140.2, and the Sarbanes-Oxley Act (SOX). To assist in your compliance with global regulations, such as the General Data Protection Regulation (GDPR), we share up-to-date information, best practices, and easy access to documentation.

In addition, Google Cloud offers data privacy, data portability, and threat protection products and features that can support your compliance efforts. These can be leveraged to prevent abuse or unlawful access to your data and maintain the ongoing confidentiality, integrity, and availability of your data, and satisfy other requirements. For example, Cloud IAM allows you to control access rights and roles for Google Cloud Platform resources, while Cloud Identity-Aware Proxy (IAP) verifies a user's identity for cloud applications running on GCP.

Creating trust through transparency

You own your data. We do not access your data for any reason other than those necessary to fulfill our contractual obligations to you. With Access Transparency, we capture real-time logs of manual, targeted accesses by either support or engineering, so you can have visibility into our actions. It also allows you to perform regular audits of access by administrators as a check on the effectiveness of our controls.

Our Google Cloud Trust Principles summarize our commitment to protecting the privacy of your data, and if you choose to stop using Google Cloud, you can take your data with you at any time. We know how important it is to earn your trust, so we're working hard and investing heavily to keep this commitment.