Free Preparation Discussions
MENU
Google Exam Professional-Data-Engineer Topic 5 Question 92 Discussion
Topic #: 5
You want to encrypt the customer data stored in BigQuery. You need to implement for-user crypto-deletion on data stored in your tables. You want to adopt native features in Google Cloud to avoid custom solutions. What should you do?
To implement for-user crypto-deletion and ensure that customer data stored in BigQuery is encrypted, using native Google Cloud features, the best approach is to use Customer-Managed Encryption Keys (CMEK) with Cloud Key Management Service (KMS). Here's why:
Customer-Managed Encryption Keys (CMEK):
CMEK allows you to manage your own encryption keys using Cloud KMS. These keys provide additional control over data access and encryption management.
Associating a CMEK with a BigQuery table ensures that data is encrypted with a key you manage.
For-User Crypto-Deletion:
For-user crypto-deletion can be achieved by disabling or destroying the CMEK. Once the key is disabled or destroyed, the data encrypted with that key cannot be decrypted, effectively rendering it unreadable.
Native Integration:
Using CMEK with BigQuery is a native feature, avoiding the need for custom encryption solutions. This simplifies the management and implementation of encryption and decryption processes.
Steps to Implement:
Create a CMEK in Cloud KMS:
Set up a new customer-managed encryption key in Cloud KMS.
Associate the CMEK with BigQuery Tables:
When creating a new table in BigQuery, specify the CMEK to be used for encryption.
This can be done through the BigQuery console, CLI, or API.
BigQuery and CMEK
Cloud KMS Documentation
Encrypting Data in BigQuery
Irma
1 days agoNaomi
3 days agoNathalie
6 days agoGalen
14 days agoWilliam
15 hours agoMarguerita
4 days agoShenika
16 days agoAleisha
26 days agoYesenia
13 hours agoJanna
12 days agoNgoc
15 days agoTerrilyn
1 months agoMoira
7 days agoCiara
18 days agoIzetta
1 months agoMollie
1 months agoLouvenia
25 days agoAbel
28 days ago