Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Google Cloud Platform for Architects

You're reading from   Google Cloud Platform for Architects Design and manage powerful cloud solutions

Arrow left icon
Product type Paperback
Published in Jun 2018
Publisher Packt
ISBN-13 9781788834308
Length 372 pages
Edition 1st Edition
Arrow right icon
Authors (3):
Arrow left icon
Loonycorn Ravi Loonycorn Ravi
Author Profile Icon Loonycorn Ravi
Loonycorn Ravi
Judy Raj Judy Raj
Author Profile Icon Judy Raj
Judy Raj
Vitthal Srinivasan Vitthal Srinivasan
Author Profile Icon Vitthal Srinivasan
Vitthal Srinivasan
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. The Case for Cloud Computing FREE CHAPTER 2. Introduction to Google Cloud Platform 3. Compute Choices – VMs and the Google Compute Engine 4. GKE, App Engine, and Cloud Functions 5. Google Cloud Storage – Fishing in a Bucket 6. Relational Databases 7. NoSQL Databases 8. BigQuery 9. Identity and Access Management 10. Managing Hadoop with Dataproc 11. Load Balancing 12. Networking in GCP 13. Logging and Monitoring 14. Infrastructure Automation 15. Security on the GCP 16. Pricing Considerations 17. Effective Use of the GCP 18. Other Books You May Enjoy

Use case – using customer supplied encryption keys

Data in GCS buckets is always encrypted, in-flight and at-rest. If we do nothing at all, the encryption occurs using Google-supplied keys. These keys are created, managed, and rotated by Google, and we need not bother with data encryption at all. This is the first option, called Google Supplied Encryption Key (GSEK), which is the one most likely to work right out of the box. The keys are those associated with the respective users and governed by IAM:

Alternatively, a customer might want more control, and insist on Customer Supplied Encryption Key (CSEK). Here, the key resides on the customer's premise, but is sent across in raw form as part of the API calls. All GCP references to the key are in-memory only, the key actually never gets stored on the cloud.

A third option is Customer Managed Encryption Keys (CMEK),...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime