The new External Key Manager functionality that Google just announced is a huge step in the right direction for operational leaders like me. In my first post, I talked about how the ability to move data to the cloud and retain control of my keys is what led me to join Ionic in the first place, and my second post outlined a few use cases that highlight the challenges of data protection and control. In this post, I’ll touch on the immediate benefits this integration provides and why the future phases are so meaningful.
The first phase of Google Cloud’s External Key Manager solves major problems, even constrained to Google Compute Engine (GCE) and Big Query (BQ). For organizations with on-prem and cloud infrastructures, you’ve now unlocked their ability to encrypt the whole path from beginning to end with the same key. This avoids changing keys, which is a data protection use case I discussed earlier, and the introduction of granular access controls with Ionic MachinaTM means that every access request – whether it’s approved or denied – is logged.
Adding Machina into cloud environments gives you detailed controls around and visibility into everyone with access to core services. It’s powerful privileged access management. In GCE, you can lock down a cluster so that only certain people can access it: Maybe you set up your environment so that the NOC can access front-end boxes, but not the back-end, or you’re having a production issue and you need to lock the environment down completely until you get the situation resolved.
Maybe the production issue you’re having requires a Google admin to help you troubleshoot. Machina is a fail-closed model; you have to explicitly allow access to your data, so those admins can’t get into your environment by default. Once you grant access to the external admin to assist with troubleshooting, you control what, when, and how that person can interact with your environment. You simply remove them from the privileged access policy when the job’s done, and you have a complete record of everything they’ve done since Machina logs detailed transaction records.
A CSP may parse 50 terabytes of data across 50 different platforms, but one motivated bad actor with admin privileges can still piece things together. The Capital One breach is a prime example of that. Using Machina with Google Cloud’s External Key Manager, you appropriately limit access, and if a bad actor manages to get into your environment, you’ll have full visibility into all their fetches and creates.
Besides GCE, this first phase extends to BQ, where every table can now have a customer-controlled key. The granularity of keys and the attribute-based access controls of Machina are really appealing for managing privileged access to complex data stores. You can get really specific about which service can access which keys under what conditions. And the visibility to every transaction solves a number of audit and compliance issues.
On that topic, if you can ensure that keys and the management of them sits outside your CSP, you’re opening the floodgates of what kind of data you can move to the cloud. Now you’re talking about solving use cases for HIPAA data, for legal practices…for any type of regulated or sensitive data that has traditionally been managed on-prem. Smaller organizations don’t always have IT shops, making them perfect candidates for cloud, but the toxic nature of the data they manage has prevented them from being able to take advantage of as-a-service solutions until now. With a third party in the risk model, certain compliance issues simply go away.
That, in turn, drives cost savings. Where you might have never moved this data to the cloud – because you worried about data protection levels, and the costs of needing to move the data back on-prem after a failed experiment were too high – now you have options. To protect about 250 terabytes of data on-prem, you’re looking at $1 to $1.5 million in hardware costs that you have to replace every three years. The higher probability of drive failure over time is what leads to the jump in maintenance costs in year three, which in turn incents you to replace the hardware.
But if you can be confident about the data protection and controls you’ve put in place, you can move that same data to the cloud for closer to $7 thousand a month. That works out to about a quarter of the on-prem costs over three years.
Operations teams can get significant value from the first phase of External Key Manager for GCE and BQ, but the following phases are even more exciting. Opening External Key Manager up to additional services is what exponentially increases the scope of data that I can control and protect, with full visibility.
Key Access Justifications will pass contextual information from Google Cloud’s External Key Manager to Machina so you can enforce policy decisions based on an even richer set of attributes: Was the transaction a Google service? Was it user-initiated? The end use cases are limitless at this point.
Jimmy Baker, senior director of operations at Ionic Security, has over 25 years of experience in analyzing and implementing technical business requirements to lead high-performing operational and IT teams.