Closer cooperation offers companies a clear path to the secure use of highly sensitive data in the Google Cloud Platform (GCP)
Building on their long-standing partnership, Thales and Google Cloud are now working together to improve data security for customers moving their workloads to the cloud. With Ubiquitous Data Encryption, the joint solution from Thales and Google Cloud offers complete control over data at rest, during use and during transmission, with centralized key control that the customer owns and manages. It uses the combined power of Google Cloud’s Confidential Computing, a breakthrough technology that encrypts data during processing, and Thales’ CipherTrust Cloud Key Manager to create and manage your cryptographic keys in Google Cloud.
- Ubiquitous Data Encryption combines Confidential Computing from Google Cloud with the CipherTrust Cloud Key Manager from Thales
- The Thales CipherTrust Data Security Platform enables users to create and manage cryptographic keys for data transferred to Google Cloud Confidential Computing.
Increasing trust in the cloud
According to the Thales Data Threat Report 2021, more than half (51 percent) of all surveyed companies are moving their workloads and data to the public cloud, making data security and control even more important. The integrated solution from Thales and Google Cloud ensures that data cannot be accessed via the cloud service provider at rest, during transmission and now also during use, keeping customer data confidential.
With Google Cloud’s Ubiquitous Data Encryption, companies now have the opportunity to use highly sensitive data in GCP. This is achieved by allowing the data to be used only inside a confidential virtual machine (VM), with the cryptographic keys hosted outside of GCP and managed through an external cloud key manager such as CipherTrust.
“In order to enable the future of secure data transmission, we have to put control completely in the hands of the customer. Ubiquitous Data Encryption from Google Cloud allows the end user to reduce implicit trust in the storage and transmission of data. By integrating a trusted third-party platform such as Thales’ CipherTrust Data Security Platform, we can provide our customers with the data security solution they need to seamlessly encrypt and decrypt their sensitive information,” says Nelly Porter, Group Project Manager, Cloud Security at Google.
Ensuring strong key management
The integrated solution uses Thales’ CipherTrust Cloud Key Manager to enable users to create cryptographic keys and set rules for encrypting and decrypting each key, supporting several specific use cases for confidential data processing.
“Since 2017, we have been working with Google Cloud to enable companies to put their trust in the cloud with more sovereign control over their data security. Recently, in France, we announced the joint development of a trusted cloud, which will also rely on our CipherTrust solutions. Our support for Google Cloud’s Ubiquitous Data Encryption is another indication of our shared vision to provide organizations around the world with solutions that enable them to securely control and manage their data, no matter where they are,” says Todd Moore, VP Encryption Products at Thales.
Greater control by the customer
Thales’ CipherTrust Data Security Platform enables the end user to maintain ownership of their data both on-premises and in the cloud, as well as when moving sensitive workflows and data to the cloud. The new integrated solution for GCP represents a new use case for Hold Your Own Key (HYOK), resulting from Thales’ extensive experience in developing HYOK solutions for customers migrating their workloads to the public cloud.
Google Cloud customers using Confidential VMs with AMD EPYC™ processors can encrypt data during use with the advanced Secure Encrypted Virtualization security feature available on AMD EPYC™ CPUs. With confidential computing, customers can be sure that their data will remain private and encrypted even during processing.
“Confidential computing addresses the most important security concerns that many companies have today when migrating their sensitive applications to the public cloud. Google Confidential VMs powered by AMD EPYC processors and using the Secure Encrypted Virtualization (SEV) feature enable protection that is transparent to applications and helps customers protect their most valuable information while being used by applications in the public cloud,” adds Raghu Nambiar, Corporate Vice President, Data Center Ecosystems and Solutions, AMD.