How to Analyze Customer Transactions in BigQuery for Google Kubernetes Engine Webshop

Ensure No Storage of Credit Card Numbers in BigQuery

Question

A company is running their webshop on Google Kubernetes Engine and wants to analyze customer transactions in BigQuery.

You need to ensure that no credit card numbers are stored in BigQuery. What should you do?

Answers

Explanations


A. B. C. D.

D.

When running a webshop on Google Kubernetes Engine (GKE), it is common to use Google BigQuery to analyze customer transactions. However, it is important to ensure that credit card numbers are not stored in BigQuery for compliance and security reasons.

Option A suggests creating a BigQuery view with regular expressions matching credit card numbers to query and delete affected rows. While this option may work to delete credit card numbers from BigQuery, it is not a scalable solution and can be error-prone. Additionally, there may be legal requirements to retain transaction data for a certain period of time, which makes this option unsuitable.

Option B suggests using the Cloud Data Loss Prevention (DLP) API to redact related infoTypes before data is ingested into BigQuery. This is a more efficient and scalable solution as it allows for automatic redaction of credit card numbers before they are stored in BigQuery. The Cloud DLP API offers pre-built and custom detection rules to identify sensitive data types, including credit card numbers. This option ensures that credit card numbers are never stored in BigQuery and meets compliance requirements.

Option C suggests leveraging Security Command Center (SCC) to scan for the assets of type Credit Card Number in BigQuery. SCC provides a centralized view of security-related information, but it is not designed to scan for specific data types like credit card numbers in BigQuery. This option is not the most efficient or effective solution for this use case.

Option D suggests enabling Cloud Identity-Aware Proxy (IAP) to filter out credit card numbers before storing the logs in BigQuery. While IAP can help to control access to resources and enforce policies, it is not designed to filter out credit card numbers in logs. This option is not applicable to the use case of ensuring that credit card numbers are not stored in BigQuery.

Therefore, the best option to ensure that no credit card numbers are stored in BigQuery is to use the Cloud Data Loss Prevention API to redact related infoTypes before data is ingested into BigQuery.
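The redact-before-ingest step described for Option B can be sketched as follows. This is an added example, not part of the original explanation: `build_deidentify_request` builds the JSON body for the Cloud DLP v2 `content:deidentify` REST method, and `safe_to_ingest` is a hypothetical local gate (Luhn-checked, not the DLP API's own detection) that a pipeline could run on rows after redaction and before the BigQuery insert. All sample rows are constructed.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits):
    """Luhn checksum: separates plausible card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return digit runs in text that pass the Luhn check."""
    hits = []
    for m in CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", m.group())):
            hits.append(m.group())
    return hits

def build_deidentify_request(text):
    """Request body for projects.content.deidentify (sent by the ingest job)."""
    info_types = [{"name": "CREDIT_CARD_NUMBER"}]
    return {
        "item": {"value": text},
        "inspectConfig": {"infoTypes": info_types},
        "deidentifyConfig": {"infoTypeTransformations": {"transformations": [{
            "infoTypes": info_types,
            # Replaces each finding with its infoType name in brackets.
            "primitiveTransformation": {"replaceWithInfoTypeConfig": {}},
        }]}},
    }

def safe_to_ingest(row):
    """Hypothetical pre-insert gate: refuse rows that still carry a card number."""
    return not any(find_card_numbers(str(v)) for v in row.values())

if __name__ == "__main__":
    # Constructed rows: raw checkout note vs. the same note after redaction.
    raw = {"order_id": "1234567890123456", "note": "paid with 4111 1111 1111 1111"}
    redacted = {"order_id": "1234567890123456", "note": "paid with [CREDIT_CARD_NUMBER]"}
    print(safe_to_ingest(raw), safe_to_ingest(redacted))
```

The 16-digit order ID fails the Luhn check and is left alone, which is the kind of false positive a bare digit-matching regex would produce.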