How Do You Decide When and How Can Your Data Be Decrypted?

How Do You Decide When and How Can Your Data Be Decrypted?

Key Access Justifications (KAJ) feature of the EKM allows organizations to deny Google direct access to decrypt data even in incidents that are out of control or requested by a third-party authority. KAJ provides a detailed justification for every request to decrypt data. Organizations can explicitly approve or deny cryptographic requests based on an access reason policy. For example, organizations can allow Google to initiate access to the Key Encryption Keys (KEK) but reject access to third parties or when no justification is provided. Organizations can use an audit log entry for each cryptographic operation, including the access reason.

webinar cta