Data Security and Access Control in Google Cloud Platform

 
5

Who has access to my data? How do I ensure its safety? What should I check to ensure the settings are correct?

We’ve answered literally hundreds of security questions from online retailers and financial institutions while implementing Google BigQuery into their projects. So we decided to share the answers to some of the most frequently asked questions with those to whom it may be useful.

How secure is data storage in Google BigQuery?

Google’s attention to data security is well known. Look at the facts:

So, does your corporate storage meet these safety requirements?

In any case, the only thing that data storage security guarantees is that one will gain access if you provide it. Now you probably want to know how to access permissions.

How do I control access to my data in Google BigQuery?

The Access to Google Cloud Platform can be granted both to users and applications.

  • For applications, access is granted to the service account and authorization works via keys in PKCS12 format:
  • permision for project
  • As for users, you can use different roles:
    • Viewer: can only view the data. This access is sufficient for users who need to view data and create reports;
    • Editor: can edit and change the data. For example, a user with this permission can create aggregated tables, or add data from external sources;
    • Owner: has full access to the account management, including adding / removing users and controlling their access permissions.

Access can be issued both at the project and dataset level. You can use it to delimit the access of coworkers to the data.

share-dataset

Access Configuration Recommendations

  • Set up a two-step verification for Google accounts. In this case, even if an attacker manages to guess the password, they will not bypass the 2nd step of the verification process via phone.
  • Don’t use your personal Gmail address. You can register any email, including the one from your corporate domain, as a Google account. Use it in this way and recommend it to your colleagues as well.
  • Share the minimum reasonable access. Do not grant Editor access level to those users who need to create reports based on the data.
  • Keep access to sensitive data in different projects and different datasets. For example, user personal data or product margin are best kept separately with the limited access of those employees and applications that actually need it.
  • Do not save query results from Google BigQuery in CSV-format on your local drive. This increases the risk of data leakage in the event of losing your laptop or installing malicious software. Create reports directly in Google Sheets instead. All the data will be transferred to the Google Cloud Platform, and access will be controlled from your Google account.

You might also like

    Trusted by

    Online Tours

    Great partner

    OWOX team developed Terms of Reference for the implementation Google Universal Analytics System Metrics via Google Tag Manager for mann-ivanov-ferber.ru. The document describes many technical features of Google tools which greatly simplified the metrics implementation process. It's important to keep in mind the implementation was much more complicated because we were did new site at the same time. Guys from OWOX accompanied us all the time, checked our implementation and provided useful advices.