This document introduces Cloud HSM, a service for protecting keys with a hardware security module (HSM). While Google Cloud encrypts all customer data at rest, some customers, especially those who are sensitive to compliance regulations, must maintain control of the keys used to encrypt their data. With Cloud HSM, you can generate encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs. The service is fully managed, so you can protect your most sensitive workloads without worrying about the operational overhead of managing an HSM cluster.
Overview
This document outlines the following:
- How Google handles physical security, logical security, infrastructure, capacity planning, geo-expansion, and data center disaster-recovery planning within Cloud HSM.
- The significant benefits that Cloud HSM provides for developers and end users, including HSMs at Google scale and unified API design.
- How Cloud HSM helps you enforce regulatory compliance for your workloads in the cloud.
- How Cloud HSM handles request flows for creating keys, cryptographic operations, and CMEK integrations.