Machina Secures Your Data in Google Cloud with External Encryption Key Management

Machina for Google Cloud External Key Manager (EKM) allows you to store and manage encryption keys completely outside Google Cloud Platform

Manage cloud security and privacy by externalizing encryption key management for BigQuery and Compute Engine. Drive customer-managed trust by explicitly authorizing subjects' access, which includes Google, to your data and resources.

External encryption key management

Achieve higher levels of assurance by using external key management to access and control your cloud data and resources. Separating your data-at-rest and encryption keys, and having full control of your keys makes you the ultimate arbiter of authorizing access.

Attribute-based access control (ABAC)

Simplify the management of your shared responsibility security obligations in Google Cloud by consistently implementing contextual, attribute-based access control (ABAC) policy rules across BigQuery and Compute Engine.

Real-time policy enforcement

Enforce access policy decisions based on context and attributes, and policy rule changes in real-time across your data and resources in the cloud and on-premises, managed from a single policy-based authorization engine that evaluates the attributes and rules.

Auditable visibility

Stay informed of all your data activities provided in a single unified view with real-time analytics on how your data is accessed and handled across the organization. Easily audit policies and data activities if needed to meet regulatory compliance requirements.

Ionic Machina mitigates cloud risk by allowing customers to have full control over data stored in the cloud

For organizations previously unable or unwilling to move sensitive data to the cloud or adopt cloud services, the combination of Machina and Google Cloud External Key Manager offers:

  • Customer-managed trust by introducing Ionic (third party) into the risk model to enforce powerful data access policies across any environment — hybrid or cloud
  • Simplified and consistent management of your shared responsibility to secure data and resources in Google Cloud
  • Centralized encryption key management for on-premises and cloud applications from a single solution
  • Effective management of ever-evolving privacy regulations by dynamically handling corporate and industry compliance requirements (HIPAA, GDPR, CCPA, and others)
  • Realization of cost savings and innovation to the fullest potential by moving your data to the cloud and adopting cloud services

Get started with leveraging Ionic Machina to protect data in BigQuery and resources in Compute Engine

Google Cloud External Key Manager

Google is the only public cloud provider enabling customers to bring their own encryption key management system to Google Cloud, which allows them to:

  • Store encryption keys in their own data centers
  • Control access and manage protection from a single external solution
  • Leverage full visibility into data activities
  • Maintain the highest levels of regulatory compliance
Key Access Justifications (currently in beta)

Key Access Justifications is a new capability that works with Google Cloud External Key Manager to:

  • Provide justification every time your externally hosted keys are used to decrypt data
  • Explicitly allow you to approve or deny a key request based on the context of that request as defined in a policy rule set in Machina
  • Provide visibility into every request for an encryption key that permits data to change state from at-rest to in-use
  • Record audit log entry for each operation which includes the access reason

Key Access Justification further enhances the powerful attribute-based access controls of Machina that are uniquely positioned to leverage these reasons when rendering a policy decision in Google Cloud.

Machina for Google Cloud External Key Manager Demo
 

Fill out the form for a personalized demo of the current integration of Machina with Google Cloud External Key Manager and to be notified when later phases are available.

Click here to get more resources now.

Contact us