
Mirza Salihagic | Aug 8, 2024 | Data Protection, Cloud Computing, Cloud Security

How to Implement Data-Centric Security in Google Cloud and BigQuery

AI, analytics and cloud-based data stores are driving a revolution in data-driven decision making. Yet as more organizations adopt these technologies to carve out competitive advantage, they realize that the underlying data must be secured, without impacting its utility. While for many, native security is enough, those in highly regulated industries and with a low tolerance for cyber risk may demand additional protective measures.

This is where comforte’s Data Security Platform offers tremendous value to customers of Google’s industry leading cloud data warehouse offering, BigQuery. Here’s the how and why of getting started.

How comforte works

The comforte platform offers end-to-end data protection for hybrid and multi-cloud environments – enabling organizations to protect data before it is stored in the cloud, and then continuously thereafter throughout its lifecycle. It can do this via pseudonymization methods (tokenization or format-preserving encryption), which protect data while preserving its original format, including its length, structure, and characteristics. The result is strong data protection that doesn’t impact data utility.

In this way, Google BigQuery customers can adopt a Bring Your Own Encryption (BYOE) methodology which enables them to stay in control of data security in a consistent manner, across multiple cloud environments.

Getting started

Google BigQuery's remote functions (aka External Functions, User Defined Functions) allow developers to execute custom code through a direct integration with Google’s Cloud Functions and Cloud Run. comforte integrates with BigQuery remote functions via a simple API endpoint that runs as a Docker container on Cloud Run. This ensures that all sensitive data residing in BigQuery (including specific tables, columns or data elements) can be safeguarded with tokenization and format-preserving encryption (FPE). Role-based access controls further bolster security.

All a Google BigQuery customer needs to get started are:

  • A Google BigQuery remote function
  • An API endpoint implemented with Spring Boot and the SecurDPS Filter API, containerized and deployed on Cloud Run
  • A running SecurDPS Protection Cluster that is available and reachable from within Google Cloud components such as Cloud Run. This includes the external IP address and the user/key used in the API instance

A more detailed step-by-step guide can be found here.
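To show what the endpoint behind a remote function has to do, here is an added example (not comforte's code, and written in Python rather than Spring Boot) of a handler for BigQuery's remote-function JSON contract: a batch of `calls` in, one entry in `replies` per call out. The names `handle`, `pseudonymize`, `DEMO_KEY` and `ALLOWED_USERS` are hypothetical, and the keyed one-way pseudonymizer is only a stand-in for the call to the protection cluster, whose API is not shown on this page.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real endpoint would call the protection cluster instead.
DEMO_KEY = b"constructed-demo-key"
# Hypothetical allow list standing in for role-based access control.
ALLOWED_USERS = {"analyst@example.com"}


def pseudonymize(value, key=DEMO_KEY):
    """Stand-in protector: keyed, deterministic, keeps length and separators.
    It is one-way (HMAC-derived), so it is neither FPE nor reversible tokenization."""
    if value is None:
        return None  # SQL NULL arrives as JSON null and must stay NULL
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out = []
    for i, ch in enumerate(value):
        b = digest[i % len(digest)]
        if ch.isdigit():
            out.append(str(b % 10))
        elif ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + b % 26))
        else:
            out.append(ch)  # keep separators such as '-' or '@'
    return "".join(out)


def handle(body):
    """Process one remote-function request body; returns (http_status, json_body)."""
    try:
        req = json.loads(body)
        calls = req["calls"]
        if not isinstance(calls, list):
            raise ValueError("calls must be a list")
    except (ValueError, KeyError, TypeError):
        return 400, json.dumps({"errorMessage": "malformed request"})
    # BigQuery passes the identity of the user running the query as sessionUser.
    if req.get("sessionUser") not in ALLOWED_USERS:
        return 403, json.dumps({"errorMessage": "caller not authorized"})
    try:
        # Each call is one row's argument list; replies must keep the same order.
        replies = [pseudonymize(args[0]) for args in calls]
    except (AttributeError, IndexError, TypeError):
        return 400, json.dumps({"errorMessage": "expected one STRING argument"})
    return 200, json.dumps({"replies": replies})
```

BigQuery treats any non-200 status as a failed call and surfaces `errorMessage` to the user running the query, so error text should never echo the input values.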

Comforte also offers the option of pre-emptive data protection designed to safeguard data before it even reaches BigQuery. This can be achieved via a suite of transparent integrators and APIs that enable data protection at the earliest stages of the data lifecycle.

Why comforte?

With comforte in place, Google BigQuery customers can benefit from:

  • Enhanced data security and utility: An extra layer of data protection that preserves the format and structure of data, even during processing and analysis within BigQuery, and during the execution of remote functions. This enables data analytics teams to optimize its use for business insight and growth
  • Consistent, streamlined security: BYOE that puts you in control of data protection, enabling consistent policy enforcement across multiple cloud environments
  • End-to-end protection: Remote functions often involve passing data inputs and receiving outputs between external code and BigQuery. Comforte protects sensitive input data before it reaches the remote function, and encrypts output data before it leaves the function, to mitigate the risk of unauthorized access or interception
  • Third-party code risk mitigation: Remote functions allow organizations to execute code developed by their third-party suppliers or contractors. Comforte adds an extra layer of protection to data to reduce risks associated with this code
  • Enhanced regulatory compliance: Data-centric security from comforte helps companies meet strict compliance requirements such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). It ensures that sensitive, regulated data remains secure throughout its lifecycle within BigQuery, and under your control

Leveraging cloud-powered analytics for data-driven insight will soon be table stakes for organizations focused on sustainable growth. Protecting that data throughout its lifecycle ensures that digital transformation plans are built on solid foundations.

