Maximum Control over Encryption Process of Data Stored at Rest in BigQuery

Technique for Maximum Control over Encryption Process of Data Stored at Rest in BigQuery

Question

A large financial institution is moving its Big Data analytics to Google Cloud Platform.

They want to have maximum control over the encryption process of data stored at rest in BigQuery.

What technique should the institution use?

Answers

Explanations

A. B. C. D.

C.

https://cloud.google.com/bigquery/docs/encryption-at-rest

The best technique for a financial institution to have maximum control over the encryption process of data stored at rest in BigQuery on Google Cloud Platform is to use customer-managed encryption keys (CMEK).

CMEK is a feature that allows customers to manage their own encryption keys used to encrypt and decrypt data stored in BigQuery. With CMEK, customers can use their own encryption keys to encrypt data at rest, and have complete control over the keys themselves. This means that the encryption keys are never stored by Google, and only the customer can decrypt the data.

Cloud Storage as a federated data source is not a suitable option for this scenario because it does not provide the level of control over encryption that CMEK does. While Cloud Storage can be used to store data, it does not allow customers to manage their own encryption keys.

A Cloud Hardware Security Module (Cloud HSM) is a hardware appliance that provides cryptographic key management, but it is not necessary for this scenario. CMEK provides the same level of control over encryption keys without requiring a separate hardware appliance.

Customer-supplied encryption keys (CSEK) are used for encrypting data in transit and at rest for certain Google Cloud Storage resources. However, they are not suitable for encrypting data in BigQuery.

In summary, the best technique for a financial institution to have maximum control over the encryption process of data stored at rest in BigQuery on Google Cloud Platform is to use customer-managed encryption keys (CMEK).
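To confirm that CMEK is actually applied, the table metadata can be audited. The following is an added example, not part of the original page or Google's own code: it checks table metadata dicts shaped like the BigQuery `tables.get` response (`tableReference`, `location`, `encryptionConfiguration.kmsKeyName`). The project, dataset and key names and the key-project allow-list policy are constructed assumptions.

```python
import re

# Cloud KMS CryptoKey resource name as stored in a table's
# encryptionConfiguration.kmsKeyName when CMEK is in use.
KMS_KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$"
)

def audit_table(table, allowed_key_projects):
    """Return findings for one table metadata dict; an empty list means compliant."""
    ref = table.get("tableReference", {})
    name = ".".join(str(ref.get(k)) for k in ("projectId", "datasetId", "tableId"))
    key = (table.get("encryptionConfiguration") or {}).get("kmsKeyName")
    if not key:
        return [f"{name}: no kmsKeyName, protected by Google default encryption only"]
    m = KMS_KEY_RE.match(key)
    if not m:
        return [f"{name}: malformed kmsKeyName {key!r}"]
    findings = []
    # Assumed local policy: keys must live in a dedicated key-management project.
    if m["project"] not in allowed_key_projects:
        findings.append(f"{name}: key project {m['project']!r} not in allow-list")
    # The key's location has to match the dataset location (US dataset, us key).
    if m["location"].lower() != str(table.get("location", "")).lower():
        findings.append(f"{name}: key location {m['location']!r} != {table.get('location')!r}")
    return findings

def _table(tid, location, key=None):  # helper that builds constructed sample metadata
    t = {"tableReference": {"projectId": "analytics-prj", "datasetId": "ledger",
                            "tableId": tid}, "location": location}
    if key:
        t["encryptionConfiguration"] = {"kmsKeyName": key}
    return t

SAMPLE_TABLES = [  # constructed sample data, not real resources
    _table("trades", "US", "projects/kms-prj/locations/us/keyRings/bq/cryptoKeys/ledger"),
    _table("staging", "US"),
    _table("eu_copy", "EU", "projects/analytics-prj/locations/us/keyRings/bq/cryptoKeys/k1"),
]

def audit(tables, allowed_key_projects=frozenset({"kms-prj"})):
    """Audit every table and return all findings as a flat list."""
    return [f for t in tables for f in audit_table(t, allowed_key_projects)]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TABLES)))
```

In practice the input dicts would come from the output of `bq show --format=prettyjson` for each table in the dataset.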