This page introduces Access Transparency logging.
Google’s long-term commitment to security goes hand in hand with our ongoing practice of transparency, enabling our customers not only to trust us, but also to verify that we are making good on our commitments.
As part of this practice of transparency, we have developed the Access Transparency product, which provides logs of actions taken by Google staff when accessing user content. Now, as part of your regular logs in Stackdriver Logging, you will also be presented with logs of Google staff actions. Examples of these actions could include actions by customer support that you may have requested by phone, lower level engineering investigations in furtherance of your support requests, or other actions made for valid business purposes such as recovering from an outage.
When to use Access Transparency
There are a variety of reasons why you might need Access Transparency. Some examples include:
- Verifying that Google isn’t accessing your data for any reason except for a valid business reason, such as fixing a fault or attending to your requests.
- Verifying that Google’s staff have not made an error when carrying out your instructions.
- Verifying and tracking compliance with legal/regulatory obligations.
- Collecting and analyzing tracked access events through an automated security information and event management (SIEM) tool.
The table below lists the Google Cloud Platform services that write Access Transparency logs. GA indicates that a log type is Generally Available for a service; Beta indicates that a log type is available, but might be changed in backward-incompatible ways and is not subject to any SLA or deprecation policy.
Access Transparency logs are produced by the following services:
|Services with Access Transparency support||Availability|
|Cloud Identity and Access Management (IAM)||Beta|
|Cloud Key Management Service (KMS)||Beta|
1 Cloud Storage is the only compatible storage backend for App Engine currently supported by Access Transparency.
- Learn how to configure and read Access Transparency.