Early this morning, GCP became the first major cloud provider to give its customers the controls needed to protect their data, even when using native cloud services such as BigQuery. Google unveiled “External KMS” working with Fortanix and PayPal at Next’19 in London.
We need to zoom out a bit to see why it is so significant and why this announcement became the front and center of the keynotes and demos. New regulations such as CCPA/GDPR are becoming more localized but businesses are becoming more global. The cost of “non-compliance” is increasing, but businesses rely on a growing set of clouds, services, and users. Almost everyone is “multicloud” (counting on-premises and one public cloud presence). How do businesses, then, control their #dataDestiny?
This is why GCP’s external key management service (EKMS) is groundbreaking. You keep your keys on your premises (such as Fortanix Self-Defending KMS) or in an external third-party SaaS (such as Equinix SmartKey), but you use the same keys and policies for all your apps and data. Your business risk, your rules - your identities, your log, your access control, your policies - you control the exposure of your data regardless of where and how it is used. There is much more about this still-beta service that can’t be publicly disclosed at this point. Get in touch with us or your GCP rep for details.
Pictured above are Il-Sung Lee and Gregory King showcasing Fortanix Self-Defending KMS at #googlenext19.
EKMS required deep engineering innovation. How do you have cloud-native services such as BigQuery and Google Compute Engine work in complete harmony with an external key management service, so that you get cloud-native SLA and performance but have the controls you need? Can you have your cake and eat it too? Hmm, maybe keys are not exactly like cakes. One you find in a grocery store, the other at a locksmith, or rather, your encryption provider. Kudos to the Google and Fortanix teams for making this a reality.
A service like EKMS may look ridiculously hard today. But the future of cloud adoption requires easy and comprehensive security controls in the customers’ hands. In a short time, such a service will be a necessity for running anything worth protecting in the cloud. It may even be mainstream. And then, in a few years, when EKMS is used by default and a future generation of security people does not even think about it, it will be a ridiculous topic to discuss. When was the last time you convinced someone they needed oxygen (or a smartphone!) to survive?