You want to encrypt the customer data stored in BigQuery. You need to implement per-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?
A.
Implement Authenticated Encryption with Associated Data (AEAD) BigQuery functions while storing your data in BigQuery.
B.
Create a customer-managed encryption key (CMEK) in Cloud KMS. Associate the key to the table while creating the table.
C.
Create a customer-managed encryption key (CMEK) in Cloud KMS. Use the key to encrypt data before storing in BigQuery.
D.
Encrypt your data during ingestion by using a cryptographic library supported by your ETL pipeline.
- AEAD cryptographic functions in BigQuery allow for encryption and decryption of data at the column level.
- You can encrypt specific data fields using a unique key per user and manage these keys outside of BigQuery (for example, in your application or using a key management system).
- By "deleting" or revoking access to the key for a specific user, you effectively make their data unreadable, achieving crypto-deletion.
- This method provides fine-grained encryption control but requires careful key management and integration with your applications.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
raaad
Highly Voted 10 months agoJyoGCP
Most Recent 8 months, 2 weeks agoscaenruy
10 months ago