Google Cloud Platform Security

Use technology that  enables you to find and classify sensitive data subject to data privacy or protection mandates worldwide and then protect and control the data with advanced encryption and policy-based access management. Or you can architect applications to be cloud-native and protect data using vaultless tokenization with dynamic data masking.

Locate regulated data with streamlined workflows that help eliminate security blind spots. Built-in discovery and classification templates offer a quick start with the flexibility needed to create new policies. Detailed reports can demonstrate compliance with rules, regulations and laws. Discover CipherTrust Data Discovery and Classification.

Protect Data with Advanced Encryption if you’re either

• 100% Google Cloud-based with stringent data security controls, OR
• Running hybrid clouds with data distributed across your on-premises private cloud, multiple cloud providers, and in Google Cloud

What are the benefits of advanced encryption?

• Protecting data either transparently at the OS level or at the application layer strengthens data security against more threats, from ransomware and APT’s to insider risks and even protecting data from Google’s access
• You gain data portability between clouds, even potentially without egress fees

Realize a fast return on investment with CipherTrust Transparent Encryption. Protect data without changes to applications, databases, infrastructure, or business practices. Google Storage solutions encrypt all data at rest but deliver data in the clear to operating systems. Most data thefts are due to compromises in the operating system, applications, or distracted users. OS-level controls combined with granular access policies give you the protection your sensitive data requires.

Cloud native applications might not have operating systems on which to run Transparent Encryption. Secure your data in cloud native applications with:

• CipherTrust Tokenization with Dynamic Data Masking integrated with cloud native apps with REST. It’s easy to add policy-based dynamic data masking
• CipherTrust Application Data Protection protects data within applications for the highest level of security

Luna HSMs support the Google Customer-Supplied Encryption Keys (CSEK) and Google Cloud EKM service. For convenient access to encryption key quality and ownership, Thales Data Protection on Demand (DPoD) provides a wide range of Luna Cloud HSM and CipherTrust Key Management services through a simple online marketplace. Several DPoD-based services are available on the Google Marketplace: Luna Cloud HSM, a general-purpose HSM solution supporting ISV and customer-written applications, and, the CipherTrust Key Broker for Google EKM that enables secure creation and control of encryption keys outside of the Google Cloud environment.

It is important to not be locked into a single cloud vendor. We recommend you choose an IDP that supports multiple clouds, so when your business needs change -- you aren’t locked in to a single cloud vendor.

STA provides the ability to securely deploy an access management solution across an organization’s entire environment, across all operating systems and clouds.

STA protects cloud resources at the log in point by using authentication and conditional access, and enforcing policy-based access controls every time a user logs into an app. Read more about SafeNet Trusted Access.

STA supports 2FA and can be configured to support multi-factor authentication (MFA) in Google Cloud.

STA improves productivity for IT administrators and customers without decreasing security by providing support for Cloud Single Sign On (SSO) and MFA in Google Cloud.