Google Cloud Introduces Two New Security Features In BigQuery To Help Secure Sensitive Data

Google has added a column-level encryption tool and dynamic masking of information to its Software as a service data repository BigQuery. These features help safeguard and protect sensitive data by adding a second level of protection atop access control.

These additional capabilities may benefit businesses that keep personally identifiable information (PII) and other sensitive data, such as credit card information and biometric data. Organizations that store and analyze data in nations with developing data governance and privacy regulations face continual dangers from data breaches and data leaks and must restrict data access; these companies may also benefit from the new features.

Dynamic information masking may be utilized for real-time transactions, while column-level encryption offers extra protection for data at rest or in motion when real-time usefulness is not needed. Column-level encryption allows encrypting and decrypting at the column level, allowing the administrator to choose which columns are to be encrypted and which are not. 

The method used for encryption is supported by functions, allowing for grouping, aggregating, and joining of encrypted data. One of the use cases of this new functionality is when data in BigQuery is natively encrypted and must be decrypted when accessible, or when data is externally encrypted, stored in BigQuery, and then decrypted when accessed.

Column-level encryption is connected with Cloud Key Management System to provide administrators greater control, manage encryption keys in KMS, and enable on-access secure key retrieval and thorough reporting. Before the column-level encryption functionality is released, administrators must generate copies of datasets with obscured data to control the correct access to groups. This results in an uneven approach to data protection, which may be costly to administer. Column level encryption improves security by allowing each column to have its own encryption key rather than a single key for the whole database. Since there is less encryption data when using column-level encryption, data access is quicker.

The preview release of dynamic information masking gives administrators additional flexibility by allowing them to select the extent to share the data or disguised data, increasing column-level security. This functionality conceals column-level data at query time depending on the established masking criteria, user roles, and rights. Administrators may use this capability to obscure important data and manage user access while minimizing the risk of data leaks.

Developers do not need to adjust the query at the application level to mask sensitive data; once data masking is enabled at the BigQuery level, the current query seamlessly hides the data depending on the user’s permissions. The administrator also has the flexibility to define the security rule once and later apply it to any number of columns using tags. Both these features make it simpler to distribute data since administrators may conceal information selectively, and databases can be shared with multiple users.

These new features can help improve security, manage access control, adhere to privacy laws, and build secure test environments. Allow for more uniform handling of sensitive data tables; administrators no longer need to develop different datasets with encrypted data and distribute these copies to the appropriate users.

References:

• https://cloud.google.com/blog/products/identity-security/announcing-new-bigquery-capabilities-to-help-secure-sensitive-data
• https://www.infoq.com/news/2022/07/google-bigquery-encryption/

Please Don't Forget To Join Our ML Subreddit