Google: BigQuery and GCE users get these new controls over sensitive cloud data
Google announced an alternative to existing key management services offered by Google cloud; External Key Manager. To give companies more control of encrypted data, External Key Manager will allow customers to keep encryption keys out of Google’s hands. Yesterday, Google announced Big Query Reservations, an entreprise-friendly pricing model that offers predictable analytics spending. External Key Manager and Big Query Reservations have been implemented by Google in an attempt to attract more business from large enterprises.
Even though all data that enters the Google Cloud Platform is encrypted by default, customers reported that they want more control over aspects of encryption. Customers will be able to use External Key Manager with Equinix, Fortanix, Thales, and Unbound. Another feature of the new encryption controls is Key Access Justifications, which requires Google to provide detailed justification when requesting to decrypt customer data. External Key Manager is launching in beta, while Key Acess Justification is launching in alpha.