Google Cloud External Key Manager Now in Beta
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
Google this week announced the beta availability of its Google Cloud External Key Manager (Cloud EKM), a new tool intended to create separation between data and encryption keys.
Cloud EKM, which debuted at Google Cloud Next UK last month, lets users protect data at rest in BigQuery and Compute Engine with encryption keys stored and managed in a third-party key management system outside Google's infrastructure. Google Cloud calls the Cloud EKM service a "bridge" between its cloud Key Management Service (KMS) and third-party key managers.
This approach gives users stricter control over the creation, location, and distribution of keys, Google explains, as well as full control over who accesses them. With keys stored outside Google Cloud, users can enforce that access to data by requiring use of an external key. It also lets users employ a single key manager for both on-premises and cloud-based keys.
To facilitate the implementation process, Google Cloud is teaming up with key management vendors Equinix, Fortanix, Ionic, Thales, and Unbound. Both the Ionic and Fortanix integrations are ready now; those for Equinix, Thales, and Unbound are coming soon, officials say in a blog post.
Read more details here and here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How to Manage API Security."
About the Author
You May Also Like