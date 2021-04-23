



A relational database managed by Google LLC’s Cloud Spanner allows businesses to use their own encryption keys to encrypt information. The search giant announced today.

This is a small but important update, as organizations in regulated industries such as finance and healthcare are often legally required to manage their encryption keys internally. By providing this option, Google can now use Cloud Spanner to extend the scope of its database use cases. This may create new sales opportunities.

Cloud Spanner is a commercial version of the internal relational database that Google relies on to enhance consumer services. The system uses standard SQL syntax for queries and comes with a service level contract that offers up to 99.999% uptime. This corresponds to less than an hour of downtime per year.

By default, Cloud Spanner uses Google-managed encryption keys to encrypt data in transit and at rest. Enterprises now have the option to exchange these keys for their own. You can store these keys in another Google Cloud service called CloudKMS.

Cloud KSM supports more than half a dozen popular encryption protocols. Controls that allow cybersecurity teams to create new keys, delete existing keys, and automatically update encryption keys for particularly sensitive applications at regular intervals to reduce the risk of compromise. Offers. This service can be used to encrypt not only production data in a Cloud Spanner environment, but also associated backups.

For added security, organizations can choose to have Google store their encryption keys in a hardware encryption module, a tamper-proof device that effectively acts as a data vault. Google’s data center hardware encryption modules comply with the US Government’s FIPS PUB140-3 cybersecurity standards.

Google has announced enhanced encryption with another new security feature called the Access Approval. It can also help companies meet regulatory compliance requirements. If your company has this feature enabled, Google support and engineering staff must obtain explicit approval before accessing the Cloud Spanner environment for troubleshooting purposes.

The financial, healthcare, and other regulated sectors that Google is targeting with its latest Cloud Spanner extensions make up a huge market. In addition, the new features could help search giants compete with companies in other areas. Organizations looking to move their on-premises relational databases to the cloud, but wanting to maintain control of the encryption keys that protect them, can now easily move to Google’s cloud.

With these considerations, Google may provide customer-provided key support for more database services in the future. Google Cloud offers its customers more than half a dozen different database products.

Today’s update comes about a month after the company publishes a new backup feature on CloudSpanner to protect against accidental data deletions and accidental changes.

