episode-header-image

Nov 2022

42m 17s

Assured Workloads with Key Access Justif...

GOOGLE CLOUD PLATFORM

About this episode

Hosts Max Saltonstall and Daryl Ducharme are joined by Bryce Buffaloe and Seth Denney to chat about Assured Workloads and the sovereignty control Key Access Justifications so customers can see how their data is used and control who can see what.

Assured Workloads with Google is a security and compliance engine that allows users to control their data with the help of Google. With the expansion of data use around the globe, data sovereignty has become more important as well, and Google Cloud products offer myriad tools to maintain control, privacy, and compliance no matter the location. Seth talks more about sovereignty and how it’s changing data storage and management. Our guests talk about how Google has tackled the sovereignty issues, difficult decisions that had to be made, and the process of working with clients to optimize tools for different security and sovereignty scenarios.

With Key Access Justifications, Google has bolstered its offerings to provide clients with trustworthy controls to keep data secure and sovereign, from Compute Engine VMs to BigQuery. We learn what Key Access Justifications look like for users and how the encryption keys work in different Google Cloud services. Customer managed key material is stored outside of Google and the key manager must give permission for access for an added layer of trust and security. Seth and Bryce explain why this is important and describe how KAJ are used with some examples. These features may also be used to improve security in the future by preventing data from being decrypted and stolen should someone ever get access to your system. We hear more about the future of data security and sovereignty, including simplifying the process with managed services and easier onboarding. Strategic European partnerships are helping Google tackle these important issues overseas so clients can focus on their businesses and worry less about data security.

The catalyst for KAJ was a large German bank that recognized the sovereignty changes coming, and we hear more about the origins of KAJ and the path to where it is today. When paired with Assured Workloads, clients get maximum sovereignty coverage. Seth talks a little about the Sovereignty Access Controls done internally as well. Bryce walks us through using these Google services with a European example.

Bryce Buffaloe

Bryce is Product manager for Google Cloud Security managing the portfolio of the Assured Workload’s solution suite.

Seth Denney

Seth is KAJ Tech Lead, responsible for ensuring the integrity and usefulness of KAJs to support customer data sovereignty

Cool things of the week

DevFests site
Best Kept Security Secrets: Tap into the power of Organization Policy Service podcast

Interview

Assured Workloads site
Assured Workloads Playlist videos
Key Access Justifications docs
Compute Engine site
BigQuery site
GCP Podcast Episode 325: Digital Sovereignty with Archana Ramamoorthy and Julien Blanchez podcast
T Systems site

What’s something cool you’re working on?

Daryl just released a video about using Workflows’ new parallel step.

Max is working on crossover episodes across our various podcast streams, so we can have SRE guests on to the GCP podcast to talk reliability, for example, or bring some of the Kubernetes hosts to the Cloud Security podcast to discuss securing Kubernetes workloads.

Hosts

Max Saltonstall and Daryl Ducharme

Up next

How UniSuper is helping Australians get the best of their superannuation fund investments with cloud

In this special episode, we are featuring That Digital Show. In Australia, every employee is required to select their superannuation fund of choice to help them invest a portion of their income. Having celebrated its 40th anniversary recently, UniSuper, one of Australia’s largest ... Show More

Creating a sustainable EV ecosystem in Taiwan with ChargeSmith

In this special episode, we are featuring That Digital Show. As the electric vehicles (EV) sector accelerates, drivers are finding it a challenge to conveniently access charging points. This has become one of the biggest concerns for EV drivers around the world. Intending to solv ... Show More

Tapping onto AI to build a more sustainable future with Recursive AI

In this special episode, we are featuring That Digital Show. AI is seen as a powerful tool and enabler for businesses around the world. At the same time, more organizations are looking for ways to operate more sustainably. To combine the two, Recursive AI was established in 2020, ... Show More

Recommended Episodes

Vertafore's Chad Hawkinson on Cloud Data Security and Streamlining Workflows

Joining Cindi today is Chad Hawkinson, the Chief Product and Data Officer at Vertafore, the leader in creating modern insurance technology. A seasoned data and analytics guru, Chad has seen first-hand the profound impact data-driven insights can have on customers’ success. On th ... Show More

When it rains, it pours.

Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines data security and privacy policies are under review. Hackers hit thousands in Ja ... Show More

LLM Security and Privacy

Sean Falconer (@seanfalconer, Head of Dev Relations @SkyflowAPI, Host @software_daily) talks about security and privacy of LLMs and how to prevent PII (personally identifiable information) from leaking outSHOW: 807 CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw NEW TO CLO ... Show More

Where to Begin With Data Governance Frameworks and How Software Can Help (Brandon Wiebe, GC & Head of Privacy, Transcend)

Brandon Wiebe, General Counsel and Head of Privacy at Transcend, offers tips about implementing data governance frameworks and how to utilize software in the process. Brandon’s company is a privacy platform that helps legal and compliance teams automate data compliance tasks. Bra ... Show More

Influence operations, da. Direct hacking? Maybe nyet. Chalubo botnet borrows old tricks. Financial sector alert in Mexico. Airline breach disclosed. Lawsuits over privacy. ICS Security notes.

In today's podcast, we hear that the US Department of Homeland Security sees lower-than-expected rates of Russian election system probing even as Russian information operations continue. Sophos warns of the emergence of the Linux-based "Chalubo" botnet. Mexico's Central Bank rais ... Show More

522: Practical Privacy

Why Linux reigns for privacy; our recommendations for secure tools from chat to DNS.Sponsored By:Tailscale: Tailscale is a Zero config VPN. It installs on any device in minutes, manages firewall rules for you, and works from anywhere. Get 20 devices for free for a personal accoun ... Show More

Midnight Blizzard brings the storm.

Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC order anothe ... Show More

Kingdom come, kingdom fall.

German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli o ... Show More

The power of web data in cybersecurity. [CyberWire-X]

The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typicall ... Show More

Listen to millions of songs and podcasts on Anghami