Ionic Machina Console Analytics screen shows Access Per Day, Policies Evaluated, including the final decision and the rule(s) applied, Total Access By (filterable by users or groups), Attributes, and even Environmental Attributes that can be weighed into the access decision in real-time

Machina for Google Cloud External Key Manager Demo

Enforce External Control Over Your Data and Keys in Google Cloud


An increasing number of organizations today are embracing cloud storage and computing for their data to take advantage of the derived cost savings and operational efficiencies. Even though Google Cloud Platform (GCP) provides a highly secure cloud platform with features like data encryption at rest and in transit by default, organizations struggle to manage the growing complexities of today’s data, use cases, regulations, compliance mandates, and more.

GCP clearly states that you are responsible for protecting your data and controlling how it is accessed and used. While you can utilize multiple GCP services to meet your security and compliance requirements, misconfigurations can lead to breaches and unauthorized access, because your data and the keys used to access it are stored and managed in the same location.

As you move your sensitive data to GCP, securing and controlling access to it is essential to keep up with increasing regulatory requirements and to gain or retain data trust. 

So, how can you gain and enforce full control over your data and keys in GCP? How can you enforce consistent data access policies across hybrid or cloud environments, while having full visibility into data activities across your entire organization?

Machina™ enables you to control the security of and access to your data in BigQuery and resources in Compute Engine by providing an external system where you can create, use, and store your own encryption keys outside of GCP. The Google Cloud External Key Manager (EKM) integration with Machina drives trust – giving you full control over your data access encryption keys and policies that control them, such that you can even deny Google the ability to decrypt your data for any reason.

This demo illustrates how introducing Machina into the risk model achieves clear separation of duties and third-party enforcement of data access policies.

Google Cloud Platform Customers are responsible for Governance Risk Control (GRC), Data Security, and Application Security. Google Cloud is responsible for Platform Security, Infrastructure Security, and Physical Security. Platform Security is a shared responsibility. Manage GRC, data security, and application security with Machina.
Manage Your Shared Responsibility of Security ‘in’ Google Cloud with Machina