Assured Workloads with Key Access Justifications with Bryce Buffaloe and Seth Denney

Google Cloud Platform Podcast

Episode | Podcast

Date: Wed, 02 Nov 2022 16:28:04 +0000

<p><span style="font-weight: 400;">Hosts</span> <a href="https://twitter.com/maxsaltonstall" rel="noopener" target="_blank"><span style="font-weight: 400;">Max Saltonstall</span></a> <span style="font-weight: 400;">and Daryl Ducharme are joined by Bryce Buffaloe and Seth Denney to chat about Assured Workloads and Key Access Justifications, a sovereignty control that lets customers see how their data is used and control who can see what.</span></p> <p><span style="font-weight: 400;">Assured Workloads with Google is a security and compliance engine that allows users to control their data with the help of Google. With the expansion of data use around the globe, data sovereignty has become more important as well, and Google Cloud products offer myriad tools to maintain control, privacy, and compliance no matter the location. Seth talks more about sovereignty and how it’s changing data storage and management. Our guests talk about how Google has tackled sovereignty issues, the difficult decisions that had to be made, and the process of working with clients to optimize tools for different security and sovereignty scenarios.</span></p> <p><span style="font-weight: 400;">With Key Access Justifications, Google has bolstered its offerings to provide clients with trustworthy controls to keep data secure and sovereign, from Compute Engine VMs to BigQuery. We learn what Key Access Justifications look like for users and how the encryption keys work in different Google Cloud services. Customer-managed key material is stored outside of Google, and the key manager must give permission for access, which adds a layer of trust and security. Seth and Bryce explain why this is important and describe how KAJ are used with some examples. These features may also be used to improve security in the future by preventing data from being decrypted and stolen should someone ever get access to your system. 
We hear more about the future of data security and sovereignty, including simplifying the process with managed services and easier onboarding. Strategic European partnerships are helping Google tackle these important issues overseas so clients can focus on their businesses and worry less about data security.</span></p> <p><span style="font-weight: 400;">The catalyst for KAJ was a large German bank that recognized the sovereignty changes coming, and we hear more about the origins of KAJ and the path to where it is today. When paired with Assured Workloads, clients get maximum sovereignty coverage. Seth talks a little about the Sovereignty Access Controls done internally as well. Bryce walks us through using these Google services with a European example.</span></p> <h5><strong>Bryce Buffaloe</strong></h5> <p><span style="font-weight: 400;">Bryce is a Product Manager for Google Cloud Security, managing the portfolio of the Assured Workloads solution suite.</span></p> <h5><strong>Seth Denney</strong></h5> <p><span style="font-weight: 400;">Seth is KAJ Tech Lead, responsible for ensuring the integrity and usefulness of KAJs to support customer data sovereignty.</span></p> <h5><strong>Cool things of the week</strong></h5> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">DevFests</span> <a href="https://developers.google.com/community/devfest" rel="noopener" target="_blank"><span style="font-weight: 400;">site</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Best Kept Security Secrets: Tap into the power of Organization Policy Service</span> <a href="https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5saWJzeW4uY29tLzQwOTc1Ny9yc3M/episode/Y2Q2ZDhlYTctMzdlNS00YWM4LTk5ZjUtODQwOTRjMmQ5ZjFi?sa=X&amp;ved=0CAUQkfYCahcKEwiwnY_n1IP7AhUAAAAAHQAAAAAQAQ" rel="noopener" target="_blank"><span style="font-weight: 400;">podcast</span></a></li> </ul> <h5><strong>Interview</strong></h5> <ul> <li style="font-weight: 400;"><span style="font-weight: 
400;">Assured Workloads</span> <a href="https://cloud.google.com/assured-workloads" rel="noopener" target="_blank"><span style="font-weight: 400;">site</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Assured Workloads Playlist</span> <a href="https://www.youtube.com/playlist?list=PLIivdWyY5sqID95dceXbJH-tioBL72_jp" rel="noopener" target="_blank"><span style="font-weight: 400;">videos</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Key Access Justifications</span> <a href="https://cloud.google.com/cloud-provider-access-management/key-access-justifications/docs/overview" rel="noopener" target="_blank"><span style="font-weight: 400;">docs</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Compute Engine</span> <a href="https://cloud.google.com/compute" rel="noopener" target="_blank"><span style="font-weight: 400;">site</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">BigQuery</span> <a href="https://cloud.google.com/bigquery" rel="noopener" target="_blank"><span style="font-weight: 400;">site</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">GCP Podcast Episode 325: Digital Sovereignty with Archana Ramamoorthy and Julien Blanchez</span> <a href="https://www.gcppodcast.com/post/episode-325-digital-sovereignty-with-archana-ramamoorthy-and-julien-blanchez/" rel="noopener" target="_blank"><span style="font-weight: 400;">podcast</span></a></li> <li style="font-weight: 400;"><span style="font-weight: 400;">T-Systems</span> <a href="https://www.t-systems.com/de/en" rel="noopener" target="_blank"><span style="font-weight: 400;">site</span></a></li> </ul> <h5><strong>What’s something cool you’re working on?</strong></h5> <p><span style="font-weight: 400;">Daryl just released a</span> <a href="https://www.youtube.com/watch?v=C1Reg1u1MXY&amp;feature=youtu.be" rel="noopener" target="_blank"><span style="font-weight: 400;">video</span></a> 
<span style="font-weight: 400;">about using Workflows’ new parallel step.</span></p> <p><span style="font-weight: 400;">Max is working on crossover episodes across our various podcast streams, so we can have SRE guests on to the GCP podcast to talk reliability, for example, or bring some of the Kubernetes hosts to the Cloud Security podcast to discuss securing Kubernetes workloads.</span></p> <h5><strong>Hosts</strong></h5> <p><span style="font-weight: 400;">Max Saltonstall and Daryl Ducharme</span></p>