Machina Delivers External Encryption Key Management for Protecting Data in Google Cloud

Ionic drives customer-managed trust by storing and managing encryption keys outside of Google Cloud with External Key Manager

Ionic manages cloud risk and privacy by externalizing encryption key management for your data, services, and workloads in BigQuery and Compute Engine.

With this integration, Ionic Machina™ provides Google customers an unprecedented level of trust in driving cloud migration and app modernization.

External encryption key management

Achieve higher levels of assurance by using external key management for access and control of your cloud data, services, and workloads. Separate your data at-rest and encryption keys to protect your data from unauthorized access, misconfigured buckets, and breaches.

Attribute-based access control (ABAC)

Simplify the management of your shared responsibility security obligations in Google Cloud by consistently implementing contextual, attribute-based access control (ABAC) policy rules across all your applications, repositories, and workloads.

Real-time policy enforcement

Enforce access policy decisions based on context and attributes, and policy rule changes in real-time across your data, services and workloads. Advanced encryption key management allows you to achieve any level of protection granularity required.

Auditable visibility

Stay informed of all your data activities provided in a single unified view with real-time analytics on how your data is accessed and handled across the organization. Easily audit policies if needed or to meet compliance requirements.

Ionic Machina mitigates cloud risk by allowing customers to have full control over data stored in the cloud

For organizations previously unable or unwilling to move sensitive data, services, or workloads to the cloud, the combination of Machina and Google Cloud External Key Manager offers:

  • Customer-managed trust by introducing Ionic (third party) into the risk model to enforce powerful data access policies across any environment — hybrid or cloud
  • Simplified and consistent management of your shared responsibility to secure data, services, and workloads in Google Cloud
  • Centralized encryption key management for on-premises and cloud applications from a single solution
  • Effective management of ever-evolving privacy regulations by dynamically handling corporate and industry compliance requirements such as HIPAA, GDPR, CCPA, and others
  • Realization of cost savings and innovation to the fullest potential by moving your data, services, and workloads to the cloud

Get started with leveraging Ionic Machina to protect data in BigQuery and resources in Compute Engine

Google Cloud External Key Manager

Google is the only public cloud provider enabling customers to bring their own encryption key management system to Google Cloud, which allows them to:

  • Store encryption keys in their own data centers
  • Control access and manage protection from a single external solution
  • Leverage full visibility into data activities
  • Maintain the highest levels of regulatory compliance
Key Access Justifications (currently in beta)

Key Access Justifications is a new capability that works with Google Cloud External Key Manager to:

  • Provide justification every time your externally hosted keys are used to decrypt data
  • Explicitly allow you to approve or deny decryption using the key in the context of that request, using an automated policy set in Machina
  • Provide visibility into every request for an encryption key that permits data to change state from at-rest to in-use
  • Record audit log entry for each operation which includes the access reason

Key Access Justification further enhances the powerful attribute-based access controls of Machina that are uniquely positioned to leverage these reasons when rendering a policy decision in Google Cloud.

Machina and Google Cloud External Key Manager Demo

Fill out the form for a personalized demo of the current integration of Machina with Google Cloud External Key Manager and to be notified when later phases are available.

Click here to get more resources now.

Contact us