Hello,
Facebook requires that we prove our data is encrypted at rest based on the following:
We have our app in Google Cloud and I know that encryption at rest is on by default in Google Cloud, but I have no idea how I can prove that to Facebook based on the provided link.
Any help or ideas on this will help keep Facebook from shutting down our business, as their requirement comes with a nifty price on our end.
Thanks in advance.
-Jim
Hi,
Sorry, cannot read the link - the page is not accessible for me.
Maybe the reference from Google documentation about encryption can help. Here is the link to the Cloud SQL encryption description: https://cloud.google.com/sql/docs/mysql/faq#encryption
And here is the compliance central page if they need more information: https://cloud.google.com/security/compliance
Will it be enough to prove it?
@GlebO we're encountering the same issue. We linked to the documentation and they're still saying it's not enough proof. 🙄 Is there anywhere in the UI where there's a little green icon next to the word encryption or something?
Hi,
What kind of proof would satisfy them? I don't think we have a green checkmark for encryption at rest for databases. If you choose to use CMEK (Customer Managed Encryption Key) then it will be clearly stated in the configuration. But by default it uses the Google-managed encryption key. You can show it on the screen for database creation.
I'll give that a try. I don't think the reviewer is thinking too critically in this case, so any view of a config about encryption will probably suffice... Thank you @GlebO!
We did post pretty much anything and everything we could, and we also checked with Google support. They rejected again and again. Our last post, which is pending approval, included switching to CMEK and providing some output of:
gcloud sql instances describe <instancename>
gsutil ls -L -b <bucket>
By enrolling in CMEK we get some additional information on the encryption status that is missing from Google-managed encryption. We also included all kinds of Google docs on encryption policy, dashboard screenshots, and documentation on how encryption at rest is implemented on our end.
The status of our last post is still unknown. I hope the information gets approved, as there is absolutely no idea by anyone around my field on what else could fit their requirements.
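
An added example, not written by anyone in this thread: a small Python script that turns the output of the two commands above into a short evidence record and shows why the default configuration gives nothing to quote. It assumes the Cloud SQL output was captured with `--format=json`, that CMEK appears there as `diskEncryptionConfiguration.kmsKeyName` and `diskEncryptionStatus.kmsKeyVersionName`, and that `gsutil ls -L -b` prints a `Default KMS key:` line; every resource and key name below is constructed.

```python
import json

# Constructed key name; real output carries your own project, key ring and key.
KEY = ("projects/example-project/locations/us-central1/"
       "keyRings/example-ring/cryptoKeys/example-key")

# Constructed excerpts of `gcloud sql instances describe <instancename> --format=json`.
SQL_DEFAULT = json.dumps({"name": "example-db", "state": "RUNNABLE"})
SQL_CMEK = json.dumps({
    "name": "example-db",
    "state": "RUNNABLE",
    "diskEncryptionConfiguration": {"kmsKeyName": KEY},
    "diskEncryptionStatus": {"kmsKeyVersionName": KEY + "/cryptoKeyVersions/1"},
})

# Constructed excerpts of `gsutil ls -L -b <bucket>`.
GSUTIL_DEFAULT = "gs://example-bucket/ :\n\tDefault KMS key:\t\tNone\n"
GSUTIL_CMEK = "gs://example-bucket/ :\n\tDefault KMS key:\t\t" + KEY + "\n"


def evidence(resource, key, version=None):
    """Build one record; without a key there is no field to point a reviewer at."""
    mode = "CMEK" if key else "Google-managed (default)"
    return {"resource": resource, "mode": mode, "key": key, "key_version": version}


def sql_evidence(describe_json):
    """Read the CMEK fields from Cloud SQL describe output (absent by default)."""
    inst = json.loads(describe_json)
    key = inst.get("diskEncryptionConfiguration", {}).get("kmsKeyName")
    version = inst.get("diskEncryptionStatus", {}).get("kmsKeyVersionName")
    return evidence(inst.get("name"), key, version)


def bucket_evidence(ls_output):
    """Read the bucket name and default KMS key from gsutil's text listing."""
    name, key = None, None
    for line in ls_output.splitlines():
        if line.startswith("gs://"):
            name = line.split()[0]
        label, _, value = line.strip().partition(":")
        if label == "Default KMS key" and value.strip() not in ("", "None"):
            key = value.strip()
    return evidence(name, key)


if __name__ == "__main__":
    for record in (sql_evidence(SQL_DEFAULT), sql_evidence(SQL_CMEK),
                   bucket_evidence(GSUTIL_DEFAULT), bucket_evidence(GSUTIL_CMEK)):
        print(json.dumps(record, indent=2))
```
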