Google Cloud boss promises 'security built into every layer of the system' at UK shindig

At the Google Cloud Next conference in London today the adtech company's enterprise tech arm declared that business clients would soon enjoy location restriction policies and other new tools of control freakery on Google Cloud Platform (GCP). What's holding you back from Google …

  1. NoneSuch
    FAIL

    Blah...

    And every layer of security will have a back door that will search, index and file your content.

    1. TReko

      Re: Blah...

      ...which is why Google still does not support at-rest encryption of the data stored on its cloud. You'll need to add a third-party plugin like Syncdocs https://syncdocs.com to encrypt your files on Google Drive.

      How Google plan on restricting access to certain regions is unknown. Will they do it via an IP geolocation database, or via the Google user's self-reported country?

      1. Anonymous Coward

        Re: Blah...

        "...which is why Google still does not support at-rest encryption of the data stored on its cloud"

        - except your statement couldn't be more wrong as Google has always provided encryption at rest for all data:

        https://cloud.google.com/security/encryption-at-rest/

        If you want to manage your own encryption keys then that's not universally supported on all products, but show me a public cloud that does.

        1. Anonymous Coward

          Re: Blah...

          "but show me a public cloud that does."

          Azure does. Via "bring your own keys" and Thales HSMs.

    2. TheVogon Silver badge

      Re: Blah...

      "The new location restriction policy will allow sysadmins to control who can create new resources, as well as locking down where they can be accessed from"

      And how does that prevent trivial avoidance via proxies or VPNs?

      1. Jack of Shadows Silver badge

        Re: Blah...

        And the case of locking out a user based upon a location in which they are most definitely not. True, that could be considered the user's fault, thus requiring a change in VPN apparent location, but the prevalence of VPNs is increasing and not all users are really aware of complications that can result. It took quite a while (read years) to convince my bank that my machine was all over the planet.

  2. Starace
    Flame

    Here to stay?

    "users still had questions of whether or not we were here to stay."

    It's not like Google has any sort of history of dropping things at a moment's notice, is it? Long term product strategy and support has never been a priority.

  3. Martin Gregorie Silver badge

    Missing data protection terms

    This piece is more noticeable for what it omits than for what it says.

    The thing that most surprised me is that, although it seems that you can lock things regionally so that system management and access are restricted to a particular geographic region, it doesn't say what, exactly, this means. Is a region a continent? The EU? A country? A region within a country? A city? A building with a postal address? All or none of these? Can the same restrictions apply to the location of stored data, i.e. can I configure things so that, as an EU or UK based data controller, I can be guaranteed that my data will never be stored on USAian servers?

    And last but not least, there's no reference to how this data storage and access scheme maps onto the GDPR. It would be interesting to know if this question was asked and, if it was, what the response was.

    I've read the article together with the Google document it links to and the relevant document that the latter links to, but none of these mentions GDPR or covers user control over data storage location in other than the most general terms: neither of the linked documents gives any more detail than El Reg's write-up.

    1. Anonymous Coward

      Re: Missing data protection terms

      A region is like an AWS region - essentially a data center campus comprising 3 or more isolated availability zones.

      You can already define one or more regions where resources like databases reside if you want to keep your data outside of the US, for example. This announcement (which I wasn't at) seems to add restrictions to, say, prevent users accessing that data from outside your region, or creating resources in the US. For example.

  4. This post has been deleted by its author

  5. RyokuMas Silver badge
    Facepalm

    Security, huh?

    cough*googleplus*cough

    1. Anonymous Coward

      Re: Security, huh?

      "Security, huh?

      cough*googleplus*cough"

      Not to mention being unable to meet the security requirements of JEDI cloud in the US.

  6. cyberM

    Security, huh?

    The session which talked about the security in the enterprise offering was 4pm on the last day when most people had left, and so only 60 people turned up, and the El Goog people ran off before Q&A. Is this for real?


Biting the hand that feeds IT © 1998–2019