Michael Jaiyeola l Jul 13, 2023 l Data Protection, Partnerships

The Value of Data-Centric Protection in Google Cloud and BigQuery

Business leaders are increasingly adopting cloud-based analytics for decision-making. However, this approach comes with potential security and privacy risks. Although some users of public cloud services may find the built-in security features sufficient for their needs. Others, such as those operating in highly regulated industries, may require additional security measures either for their own peace of mind or due to regulatory mandates.

In this blog post, we will explore the benefits of comforte's partnership with Google Cloud for our joint customers, why comforte’s data-centric security is needed in the cloud and how to integrate the comforte data protection engine with BigQuery's remote functions.

Comforte Data Security Platform's offering for BigQuery includes:

  • Enhanced security for cloud-based analytics, preserve privacy and protect your data through advanced tokenization or format-preserving encryption (FPE) that does not slow down your ability to innovate.
  • Bring Your Own Encryption (BYOE) to Google Cloud and BigQuery, securely leverage the power of your data with optimal utility, portability and control.
  • Consistent protection and access controls for structured and semi-structured data, in Google Cloud, hybrid environments and multi-cloud setups.
  • Cloud-native integration enabling rapid implementation and ensuring data protection from the earliest stages and throughout its lifecycle.

So, where are we now when it comes to enterprise cloud adoption and security in the cloud?

The Cloud Data Privacy Landscape

According to Gartner, worldwide end-user spending on public cloud services is projected to grow by 20.7% and reach $591.8 billion in 2023. Cloud-based analytics enables organizations to seamlessly scale their data processing and storage capabilities to meet the ever-growing demands. As more enterprises adopt cloud-based data analytics platforms like Google Cloud's BigQuery, the need for robust data protection and privacy measures becomes paramount.

Cloud Data Warehousing and BiqQuery

An enterprise data warehouse is a system designed for the analysis and reporting of structured and semi-structured data from various sources. Cloud data warehouses act as repositories for critical business data, such as Personal Identifying Information (PII) or Personal Account Numbers (PANs). Among cloud-based data warehousing and analytics solutions, Google's BigQuery has emerged as a leader, empowering organizations to leverage the potential of big data and derive actionable insights.

Key Features and Benefits of BigQuery:

  • Completely serverless architecture and cost-effective
  • Scalability to process and analyze massive datasets in real-time
  • Increased business agility and reduced time to insights
  • Built in BI, machine learning and AI
  • Works across clouds and scales with your data
  • Robust security, governance, and reliability controls with99% uptime SLA
  • Protected with Google’s native encryption by default

What are Google BigQuery's remote functions

Google BigQuery's remote functions, also known as External Functions or User Defined Functions, add flexibility and customization within the BigQuery ecosystem. With remote functions, developers can execute custom code by using a direct integration with Google’s Cloud Functions and Cloud Run.

Learn more about working with remote functions.

comforte integrates its protection engine with Google BigQuery to apply advanced protection technology such as tokenization or format-preserving encryption (FPE), to specific tables, columns or data elements when using remote functions. This maximizes the value of data to organizations without increasing security and privacy concerns.

Let’s now take a look at why using comforte’s data-centric security is optimal for enterprise use cases in the cloud and how you can leverage it for data in BigQuery.

Bring Your Own Encryption (BYOE) to Google Cloud

Comforte believes that enterprises can fully leverage the potential of the cloud and protect their valuable data assets by first fully understanding the challenges and then implementing best practices. To ensure security against unauthorized access, data breaches, and insider threats, organizations should adopt multi-layered security measures. This entails employing a data-centric security strategy that maximizes the benefit of using leading cloud data warehouse platforms like Google's BigQuery.

Bring Your Own Encryption (BYOE) simplifies the process of securing multi-cloud data while maintaining optimal levels of control. BYOE refers to the practice of using an organization's own encryption methods or algorithms to protect data before storing it in a cloud service provider's infrastructure. This extra layer of security and control enhances data protection and Improves compliance by applying advanced, consistent protection directly to data.

comforte's data-centric security allows sensitive data to be protected via tokenization or FPE while preserving its original format, including its length, structure, and characteristics. Integration with BigQuery's remote functions enables Google Cloud customers to perform complex analytics operations on protected data, ensuring data privacy while preserving the usability and structure of the data. This technique is particularly valuable when working with data that must retain its original format, such as credit card numbers, social security numbers, or medical record identifiers.

Why use comforte’s data-centric protection to enhance data security in BigQuery

While Google's native data protection provides robust security measures for data at-rest and in-transit, there are scenarios where an additional layer of data-centric security, such as by format-preserving encryption (FPE) or tokenization, may be required for enterprise use cases.

Here are five reasons why enterprises should consider implementing comforte’s data-centric security integration alongside Google's native data protection:

  1. Enhanced Data Privacy: An additional layer of privacy protection that preserves the format and structure of data while remaining secure, even during processing and analysis within BigQuery and during the execution of remote functions.
  2. End-to-end protection: Remote functions often involve passing data inputs and receiving outputs between the external code and BigQuery. Data-centric security safeguards the confidentiality of sensitive input data by protecting it before it reaches the remote function. Similarly, it encrypts the output data before it leaves the function, mitigating the risk of unauthorized access or interception.
  3. Leverage Sensitive Data: Data teams can get access and analyze sensitive data, they would not be able to use without proper protection due to compliance concerns.
  4. Third-Party Code: Remote functions allows you to execute code developed by your third-party suppliers or contractors. Additional security measures like FPE can add an extra layer of protection to data to reduce risks associated with vendors’ code.
  5. Regulatory Compliance: Many industries have stringent regulatory requirements regarding data privacy, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). Data-centric security can help companies meet these compliance standards by providing an extra level of protection and ensuring that sensitive data remains secure throughout its lifecycle within BigQuery and under your control.

comforte AG_ comforte google cloud_in text_13.07


How to integrate comforte’s data protection engine with Big Query

Integration with BigQuery remote functions uses a simple API to connect to Cloud Run hosted on a docker container. Cloud Run is then linked with the comforte data protection engine that protects and/or deprotects data as required.

The following components are required:

  • Google Big Query remote function
  • API endpoint implemented with Spring Boot and SecurDPS Filter API containerized as Cloud Run
  • A running SecurDPS Protection Cluster available and reachable from within Google Cloud components, like Cloud Run. This includes the external IP address and user/key used in the API instance

For a step-by-step technical breakdown of how to set up the integration of the comforte data security platform with Google’s BigQuery remote functions, please refer to this resource here.


In this blog post, we explored the importance of data security in cloud-based analytics, specifically focusing on Google Cloud's BigQuery. While BigQuery offers robust encryption and data protection measures, there are scenarios where enhanced data-centric security is necessary. We discussed comforte's integration with BigQuery, which enables enterprises to implement privacy-preserving techniques such as format-preserving encryption and tokenization. This integration allows for secure data processing, analytics, and execution of custom code through BigQuery's remote functions while maintaining data privacy and preserving the original data format.

Ready to unlock the full potential of your data analytics while maintaining robust data protection and privacy? Discover how comforte's data security solution can seamlessly integrate with Google's BigQuery and remote functions, providing you with enhanced choice and flexibility. Contact us today to schedule a personalized demonstration and unleash the power of cloud-based analytics with comforte and Google Cloud.

Share this:  LinkedIn XING Email

Learn more about comforte's Data Protection for Google Cloud and Big Query

Click the button below to download the solution brief:

Download Solution Brief

Related posts