Data-At-Rest Encryption Security Solution For Google Cloud Platform

Encryption Security Solution

As with all cloud storage, the data you store on these services is likely able to be accessed by the service provider, governments, and other regulators. Even claimed encryption may not be controllable or verifiable. With Bloombase, you can implement your own encryption solution with full control over cipher parameters, keys, and is certified for industry security. Here you can see a Microsoft SQL Server running on Google Cloud Compute Platform. The database files are stored in Google Persistent Disk The database files are stored as clear-text on Google Cloud Platform unprotected To secure the SQL Server database files using Bloombase StoreSafe,

Compute Instance

Firstly, let’s setup the compute instance. The instance should use the Bloombase image that was shared with your account. Make sure to allow HTTPS traffic and use a network that allows access from an external IP for configuration Provision a new Google Persistent Disk as backend storage for Bloombase StoreSafe which is going to be used for encrypted database files.

Web Management Console

Now, we can access the Bloombase StoreSafe web management console at the external IP. Let’s verify the Google persistent disk is attached Navigate to “Physical Storage” to configure the Google Persistent Disk as the backend storage Set “Physical Storage Type” as Device, write the “Type” as BLOCKIO, and click the magnifying glass icon to select the Google Persistent Disk. Lastly, navigate to “Virtual Storage” to setup the encryption parameters and access control.

We will set the “Mode” as iSCSI for client instances to connect to. Then click Add to choose the Google Persistent Disk Go to the Protection tab and choose “Privacy” from the dropdown menu Click Add and choose your encryption key. Select your desired cipher and bit length Go to the Access Control tab Under Allowed Portal, type the subnet or specific IP of the system that will access the storage.

Activate The Resource

Once the secure storage is properly provisioned, activate the resource to be presented as a block device to the Microsoft SQL Server as new data disk. Attach the Bloombase StoreSafe secure storage resource as a new disk drive from the Windows Server running SQL Server using iSCSI initiator client. To migrate existing database files to the Bloombase StoreSafe secure storage, firstly, shutdown the database service. Once the database service is offline, we can start migrating database files to Bloombase StoreSafe secure storage for initial encryption.

Detach the original disk drive with database files in plain-text Remap Bloombase StoreSafe secure storage as the original drive letter G:. We are ready to bring the Microsoft SQL Server service back online. Quick verification of encrypted database contents presented AS IF they are in clear-text. However, at the storage backend Google Persistent Disk, the sensitive database contents are encrypted by Bloombase StoreSafe using state-of-the-art cryptography.


Please enter your comment!
Please enter your name here