Google Cloud Platform has made another entreaty to enterprise customers that have security concerns about public...
Dubbed Access Approval, the feature lets customers decide GCP staffers' level of access to their data. It builds upon Access Transparency, which provides near-real-time log data when GCP admins touch customer information. Access Transparency now offers beta support for four additional GCP services: BigQuery, Cloud Pub/Sub, Bigtable and Dataflow.
While some of the industry's most talented and seasoned engineers staff public cloud services like GCP, customers that adopt these services give up some access control to them. Access Approval seeks to rebalance the equation, with the ability for customers to approve or deny cloud data access requests by various levels or types of Google workers ahead of time via privilege settings.
GCP's support team includes front-line workers who handle simpler problems, as well as senior engineers who helped build the platform. Different levels of support require different privileges, which complicates the implementation of comprehensive controls, Google said in a blog post. This Access Approval feature governs access by any Google employees to support a GCP customer's services, not just select groups.
However, Google reserves the right to access GCP customer data if such actions "are required by law or necessary to resolve a current outage or security incident," the company said.
GCP cloud data access control addresses enterprise reticence
Most companies have adopted or plan to adopt IaaS and PaaS, but some organizations remain reticent to hand over control of their infrastructure, starting with physical access to the hardware that hosts their data assets, said Doug Cahill, an analyst with Enterprise Strategy Group.
Doug Cahillanalyst, Enterprise Strategy Group
"This is another level of transparency and control that Google is giving the subscriber," he said. "For the more conservative and laggard adopters, this will assuage some of those concerns."
Moreover, despite GCP's inroads into enterprises, Google's core business model remains the monetization of customer data via targeted ads and other means. Thus, more than other cloud providers, it must project an aura of trust.
"GCP needs to walk the extra mile and lead in approvals and transparency," said Holger Mueller, an analyst with Constellation Research in Cupertino, Calif.
Another risk with GCP's additional transparency for customers is that it might impede Google's ability to quickly update systems. "This is a change control policy in a world that's supposed to be highly agile," Cahill said.
However, with features such as Access Approval, that's increasingly in the customer's control, Cahill added. For example, they can apply the strictest access controls only to mission-critical applications. "It's really up to the customer if they want to slow things down," he said.
Access Approval is available in an early trial phase for several GCP functions: Google Compute Engine, Google App Engine, Persistent Disk, Google Cloud Storage, Identity and Access Management, Key Management Service, BigQuery, Cloud Pub/Sub, Bigtable and Dataflow. However, customers must have an Enterprise or Platinum support subscription to use the tool.