What is Google Cloud Key Management Service (KMS)? – Definition from https://coinselected.com

Google Cloud Key Management Service ( KMS ) is a cloud avail for managing encoding keys for early Google cloud services that enterprises can use to implement cryptanalytic functions .
Released in January 2017, the service enables users to generate, use, rotate and destroy Advanced Encryption Standard ( AES ) -256 encoding keys for protecting cloud data. Google Cloud KMS can besides be used to manage keys used for encrypting other types of data for enterprises, such as API tokens and user credentials. Security teams using Google Cloud KMS can set encoding keys to automatically rotate at even intervals .
Google Cloud KMS is part of the Google Cloud Platform ( GCP ) suite and enables customers to manage their encoding keys for data they store on GCP. Administrators can besides use Google Cloud KMS to do bulk data encoding on plaintext before it is stored. The main industries Google targets with this service are those subject to regulations about how they store and secure sensitive data, like fiscal services and healthcare providers .

How Google Cloud KMS works

Cloud KMS stores AES-265 encoding keys in a five level hierarchy. The top level, called GCP Project, manages Identity and Access Management roles for accounts associated with a specific cloud project, which can be linked to an organization or a department within it, for exemplify. Organizations can store geographic locations of datum centers that handle requests to Cloud KMS resources at the Project level. The Location flat can store encoding keys for a group within the project in a particular localization such as “ east ”, “ west ” and sol on, or it can be set to “ global ” so that all locations associated with the project can access the datum.

future comes KeyRings, within which groups of CryptoKeys can be hosted. A KeyRing belongs to a plan and resides in a particular placement. KeyRings set the permissions for the CryptoKeys they hold, so they hold CryptoKeys with similar license levels. A CryptoKey is a cryptanalytic keystone with a specific purpose. CryptoKeys can changes as the encoding changes, and that introduces CryptoKeyVersion, which is the final tier in the hierarchy .
Google offers a lie API as part of Google Cloud KMS, so developers can access KMS functions to list, create, destroy and update encoding keys and help enterprises that manage a big amount of keys and employees come and go and change roles within the constitution. It can besides encrypt and decrypt data using particular keys, and set and examination IAM policies. There is a 24-hour stay on encoding key destruction and users have the option to restore former key versions.

Google Cloud Key Management System
Varying levels of control or automation available in Google Cloud KMS

Integration with Google cloud services

Cloud KMS integrates with some of Google ‘s early overcast services, such as Cloud Identity and Access Management, which handles encoding key authentication. in concert, the services manage security permissions and policies that control identify access and access to KeyRings. Cloud KMS besides integrates with Cloud Audit Logging, which records administrative access and usage activeness — something that can be helpful when dealing with complaisance standards and regulations.

Automated and manual identify rotation options enable users to apply a preset agenda or manually choice when the encoding key rotate. This is done using either the API or the command-line interface .
Google Cloud KMS has the ability to support millions of encoding keys with an arbitrary number of identify versions. It can be used as a distribute service or in a one geographic cloud data center .
Google ‘s oblation of an encoding key management service was introduced after Amazon Web Services and Microsoft Azure released their own versions .

reference : https://coinselected.com
Category : crypto topics

Leave a Reply

Your email address will not be published.