What are the requirements when implementing External Key Management?

What are the requirements when implementing External Key Management?

  • High Availability – External Key Manager (EKM) must be available as the GCP KMS service with which it integrates.
  • Disaster Recovery - Google does not store keys on its servers and cannot access protected disks unless the organization provides it with the Key to Cloud EKM. If the Key is lost, there is no way for Google to recover the Key or any data encrypted with the lost Key.
  • Performance - Latency and throughput should be within acceptable limits.
  • Role-based access control - Access to the EKM Keys must be based on the roles of authorized users.
  • Auditability - Operations performed outside the Cloud on the EKM must be logged with a high level of granularity.

webinar cta