You want to encrypt the customer data stored in BigQuery. You need to implement for-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?
To implement for-user crypto-deletion and ensure that customer data stored in BigQuery is encrypted, using native Google Cloud features, the best approach is to use Customer-Managed Encryption Keys (CMEK) with Cloud Key Management Service (KMS). Here's why:
Customer-Managed Encryption Keys (CMEK):
CMEK allows you to manage your own encryption keys using Cloud KMS. These keys provide additional control over data access and encryption management.
Associating a CMEK with a BigQuery table ensures that data is encrypted with a key you manage.
For-User Crypto-Deletion:
For-user crypto-deletion can be achieved by disabling or destroying the CMEK. Once the key is disabled or destroyed, the data encrypted with that key cannot be decrypted, effectively rendering it unreadable.
Native Integration:
Using CMEK with BigQuery is a native feature, avoiding the need for custom encryption solutions. This simplifies the management and implementation of encryption and decryption processes.
Steps to Implement:
Create a CMEK in Cloud KMS:
Set up a new customer-managed encryption key in Cloud KMS.
Associate the CMEK with BigQuery Tables:
When creating a new table in BigQuery, specify the CMEK to be used for encryption.
This can be done through the BigQuery console, CLI, or API.
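The two steps above, together with the key disabling or destruction described under For-User Crypto-Deletion, as an added shell example that is not part of the original page. The project, key ring, key, table and service-account names are placeholders, and with DRY_RUN=1 (the default) each command is printed for review instead of executed.

```shell
#!/bin/sh
# Added example. All names are placeholders; DRY_RUN=1 (default) only prints commands.
PROJECT="${PROJECT:-example-project}"
LOCATION="${LOCATION:-us}"          # key location must match the dataset location
KEYRING="${KEYRING:-bq-keyring}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Full Cloud KMS resource name for key id $1.
kms_key_name() {
  printf 'projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s' \
    "$PROJECT" "$LOCATION" "$KEYRING" "$1"
}

# Step 1: create key $1 and let the BigQuery encryption service account $2 use it
# (`bq show --encryption_service_account` reports that account).
create_key() {
  run gcloud kms keyrings create "$KEYRING" --project "$PROJECT" --location "$LOCATION"
  run gcloud kms keys create "$1" --project "$PROJECT" --location "$LOCATION" \
    --keyring "$KEYRING" --purpose encryption
  run gcloud kms keys add-iam-policy-binding "$1" --project "$PROJECT" \
    --location "$LOCATION" --keyring "$KEYRING" --member "serviceAccount:$2" \
    --role roles/cloudkms.cryptoKeyEncrypterDecrypter
}

# Step 2: create table $2 (dataset.table) with schema $3, encrypted with key $1.
create_table() {
  run bq mk --table --destination_kms_key "$(kms_key_name "$1")" "$PROJECT:$2" "$3"
}

# Crypto-deletion: disable (reversible) or destroy (schedules permanent
# destruction) version $2 of key $1. $3 is the action.
revoke_key_version() {
  case "$3" in
    disable|destroy) ;;
    *) echo "action must be disable or destroy" >&2; return 2 ;;
  esac
  run gcloud kms keys versions "$3" "$2" --project "$PROJECT" \
    --location "$LOCATION" --keyring "$KEYRING" --key "$1"
}
```

Run with DRY_RUN=0 only after checking the printed commands against your own project; tables encrypted with a key whose version is disabled or destroyed can no longer be read.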