
Earlier this month, the Google Cloud Storage team announced new capabilities for improving the reliability and performance of users' data. They have now rolled out storage security updates that address data privacy and compliance with financial services regulations. With these upgrades, which include the general availability of Cloud Storage Bucket Lock, UI changes for privacy management, Cloud KMS integration with Cloud Storage and more, users will be able to build reliable applications and ensure the safety of their data.

Storage security features on Google Cloud Storage:

#1 General availability of Cloud Storage Bucket Lock

Cloud Storage Bucket Lock is now generally available. This feature is especially useful for users who need Write Once Read Many (WORM) storage, as it prevents deletion or modification of content for a specified period of time.

To help organizations meet compliance, legal and regulatory requirements for retaining data for specific lengths of time, Bucket Lock provides retention lock capabilities, as well as event holds for content.

Bucket Lock works with all tiers of Cloud Storage. Both primary and archive data can use the same storage setup. Users can automatically move locked data into colder storage tiers and delete data once the retention period expires.

Bucket Lock has been used in a diverse range of applications, from financial records compliance and healthcare records retention to media content archives and much more.
You can head over to the Bucket Lock documentation to learn more about this feature.

#2 New UI features for secure sharing of data

The new UI features in the Cloud Storage console enable users to securely share their data and gain insight into which data, buckets, and objects are publicly visible across their Cloud Storage environment.

The public sharing option in the UI has been replaced with an Identity and Access Management (IAM) panel. This prevents users from publicly sharing their objects through an accidental mouse click.

Administrators can clearly understand which content is publicly available. The mechanism also enables users to know how their data is being shared publicly.
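
The same visibility check can be done outside the console. The following is an added example, not code from Google or from the original article: it scans bucket IAM policies for the public principals `allUsers` and `allAuthenticatedUsers`. The bucket names, accounts and policy documents are constructed sample data.

```python
import json

# IAM member identifiers that make a binding public on Cloud Storage.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample input: IAM policies keyed by hypothetical bucket names,
# in the JSON shape of a Cloud IAM policy ("bindings" of role + members).
SAMPLE_POLICIES = json.loads("""
{
  "example-public-assets": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:admin@example.com"]}
  ]},
  "example-finance-archive": {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["group:audit@example.com"]}
  ]},
  "example-upload-dropbox": {"bindings": [
    {"role": "roles/storage.objectCreator",
     "members": ["allAuthenticatedUsers", "user:dev@example.com"]},
    {"role": "roles/storage.legacyBucketReader", "members": ["allUsers"]}
  ]}
}
""")

def public_bindings(policy):
    """Return sorted (role, member) pairs that grant access to the public."""
    found = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                found.add((binding.get("role", "<no role>"), member))
    return sorted(found)

def audit(policies):
    """Map each bucket name to its public bindings, omitting private buckets."""
    report = {}
    for bucket, policy in policies.items():
        hits = public_bindings(policy)
        if hits:
            report[bucket] = hits
    return report

if __name__ == "__main__":
    for bucket, hits in sorted(audit(SAMPLE_POLICIES).items()):
        for role, member in hits:
            print(f"{bucket}: {role} granted to {member}")
```

This covers bucket-level IAM bindings only; objects shared through per-object ACLs need a separate check.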

#3 Use Cloud KMS keys with Cloud Storage data

Cloud Key Management System (KMS) provides users with sophisticated encryption key management capabilities. Users can manage and control encryption keys for their Cloud Storage datasets through the Cloud Storage–KMS integration.

This KMS integration helps users manage active keys, authorize users or applications to use certain keys, monitor key use, and more.

Cloud Storage users can also perform key rotation, revocation, and deletion.
Head over to the Google Cloud Storage blog to learn more about Cloud KMS integration.

#4 Access Transparency for Cloud Storage and Persistent Disk

This new transparency mechanism will show users who has accessed their Cloud Storage and Persistent Disk environment, and when, where and why, whenever Google support or the engineering team does so.

Users can use Stackdriver APIs to monitor logs related to Cloud Storage actions programmatically and also archive their logs if required for future auditing. This gives complete visibility into administrative actions for monitoring and compliance purposes.
You can learn more about AXT on Google’s blog post.

Head over to the Google Cloud Storage blog to understand how these new upgrades will add to the security and control of cloud resources.
