GCP data security and governance
Google Cloud Platform (GCP) offers industry-leading tools and technology to efficiently protect and govern your data throughout its lifecycle. We work hard to protect the privacy of your data, meet global security standards that support compliance, and provide tools to help with regulations such as GDPR, so you can have the peace of mind that your data is protected.
Principles and best practices for data governance in the cloudRead whitepaper
Built-in data protection at scale
GCP offers built-in data protection at scale to help protect your business from intrusions, theft, and attacks. Our multilayered security approach across hardware, services, user identity, storage, internet communication, and operations provides redundancy and reliability, while our purpose-built chips, servers, storage, network, and data centers protect against hardware-level intrusion.
Data is automatically encrypted while in transit and at rest, and can only be accessed by the authorized roles and services with audited access to the encryption keys. Within GCP, data is also automatically replicated and encrypted for backup and disaster recovery. When data is ready to be deleted, it is first marked as "scheduled for deletion," and then it is removed in accordance with service-specific policies.
Efficiently manage data
GCP provides industry-leading tools and technology to efficiently manage data throughout its lifecycle. In order to properly govern your data, you need to know where it is. Cloud Data Loss Prevention automatically helps you discover, classify, and redact sensitive data like credit card numbers and social security numbers in GCP, within other clouds, or from your on-premises environment, according to the data policies your organization has set up. Data Catalog provides a fully managed, metadata management service that empowers you to quickly discover, manage, and understand your data. Cloud Security Command Center helps you discover assets across App Engine, Compute Engine, Cloud Storage, and Cloud Datastore and view them in one place so you can better understand your risks before they result in business damage or loss. Cloud Identity and Access Management (IAM) provides fine-grained access control and visibility as well as a unified view into security policies across organizations so you can manage identity, access control, and auditing across your organization. Monitor log data and events from GCP and AWS in real time using Stackdriver Logging as well as within your GCP projects using Cloud Audit Logging.
Support compliance requirements
Our products regularly undergo independent third-party verification of security, privacy, and compliance controls. We're constantly working to meet the regulatory requirements that matter to you, such as the Health Insurance Portability and Accountability Act (HIPAA), FIPS 140.2, and the Sarbanes-Oxley Act (SOX). To assist in your compliance with global regulations, such as the General Data Protection Regulation (GDPR), we share up-to-date information, best practices, and easy access to documentation.
In addition, Google Cloud offers data privacy, data portability, and threat protection products and features that can support your compliance efforts. These can be leveraged to prevent abuse or unlawful access to your data and maintain the ongoing confidentiality, integrity, and availability of your data, and satisfy other requirements. For example, Cloud IAM allows you to control access rights and roles for Google Cloud Platform resources, while Cloud Identity-Aware Proxy (IAP) verifies a user's identity for cloud applications running on GCP.
Creating trust through transparency
You own your data. We do not access your data for any reason other than those necessary to fulfill our contractual obligations to you. With Access Transparency, we capture real-time logs of manual, targeted accesses by either support or engineering, so you can have visibility into our actions. It also allows you to perform regular audits of access by administrators as a check on the effectiveness of our controls.
Our Google Cloud Trust Principles summarize our commitment to protecting the privacy of your data, and if you choose to stop using Google Cloud, you can take your data with you at any time. We know how important it is to earn your trust, so we're working hard and investing heavily to keep this commitment.
Technology and tools
Google Cloud offers a breadth of products and technologies designed to protect your data throughout its lifecycle.