Four ways to secure your Google Cloud Storage data

Andika Pratama, 2021-08-02T00:47:16+08:00
  • January 14, 2021
  • 10:42 am

Cloud storage enables organisations to reduce costs and operational burden, scale faster and unlock other cloud computing benefits. At the same time, they must also ensure they meet privacy and security requirements to restrict access and protect sensitive information. 

Security is a common concern for companies as they move their data to the cloud. Google Cloud Storage offers simple, reliable and cost-effective storage and retrieval of any amount of data at any time with built-in security capabilities such as encryption in transit and at rest and a range of encryption key management options including Google-managed, customer-supplied, customer-managed and hardware security modules. Google has one of the largest private networks in the world, minimizing exposure of your data to the public internet when you use Cloud Storage. 

Best practices for securing your data with Cloud Storage

Securing enterprise storage data requires planning ahead to protect your data from future threats and new challenges. Beyond the fundamentals, Cloud Storage offers several security features such as uniform bucket-level access, service account HMAC keys, IAM conditions, Delegation tokens and V4 signatures. 

Here are some security best practices for using these features to help secure and protect your data at scale. 

1. Use org policies to centralise control and define compliance boundaries

Cloud Storage, just like Google Cloud, follows a resource hierarchy. Buckets hold objects which are associated with projects which are then tied to organisations. You can also use folders to further separate project resources. Org policies are settings that you can configure at the org, folder or project level to enforce service-specific behaviours. 

Here are two org policies that are recommended to be enabled:

  • Domain-restricted sharing—This policy prevents content from being shared with people outside your organisation. For example, if you tried to make the contents of a bucket available to the public internet, this policy would block that operation. 
  • Uniform bucket-level access—This policy simplifies permissions and helps manage access control at scale. With this policy, all newly created buckets have uniform access control configured at the bucket level governing access for all the underlying objects. 

2. Consider using Cloud IAM to simplify access control  

Cloud Storage offers two systems for granting permissions to your buckets and objects: Cloud IAM and Access Control Lists (ACLs). For someone to access a resource, only one of these systems needs to grant permissions. 

ACLs are object-level and grant access to individual objects. As the number of objects in a bucket increases, so does the overhead required to manage individual ACLs. It becomes difficult to assess how secure all the objects are within a single bucket. Imagine having to iterate across millions of objects to see if a single user has the correct access. 

It’s recommended to use Cloud IAM to control access to your resources. Cloud IAM provides a Google Cloud-wide, platform-centric, uniform mechanism to manage access control for your Cloud Storage data. When you enable uniform bucket-level access control, object ACLs are disallowed and Cloud IAM policies at the bucket level are used to manage access. So, permissions granted at the bucket level automatically apply to all the objects in a bucket.
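The two org policies in section 1 and the IAM recommendation above can be checked against existing buckets. The following is an added example, not code from the original post: it audits bucket metadata and IAM policies shaped like Cloud Storage JSON API responses. The sample data, bucket names and the `example.com` domain are constructed, and matching members by email domain is a simplification of what the domain-restricted sharing policy enforces.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample: bucket metadata plus IAM policy per bucket, in the shape
# returned by the Cloud Storage JSON API (buckets.get / buckets.getIamPolicy).
SAMPLE = json.loads("""
[
  {"bucket": {"name": "finance-reports",
              "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": true}}},
   "policy": {"bindings": [
     {"role": "roles/storage.objectViewer",
      "members": ["group:finance@example.com", "user:contractor@gmail.com"]}]}},
  {"bucket": {"name": "web-assets",
              "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": false}}},
   "policy": {"bindings": [
     {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}}
]
""")


def audit_bucket(bucket, policy, allowed_domain):
    """Return a list of (check, detail) findings for one bucket."""
    findings = []
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    if not ubla.get("enabled", False):
        # Without uniform bucket-level access, object ACLs can still grant
        # access that the bucket's IAM policy does not show.
        findings.append(("ubla-disabled", "object ACLs can grant access outside IAM"))
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            detail = f"{binding['role']} -> {member}"
            if member in PUBLIC_MEMBERS:
                findings.append(("public", detail))
            elif kind in ("user", "group") and not ident.endswith("@" + allowed_domain):
                findings.append(("external", detail))
            elif kind == "domain" and ident != allowed_domain:
                findings.append(("external", detail))
    return findings


def audit_all(entries, allowed_domain):
    """Map bucket name to its findings for every entry in the sample."""
    return {e["bucket"]["name"]: audit_bucket(e["bucket"], e["policy"], allowed_domain)
            for e in entries}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE, "example.com").items():
        for check, detail in findings:
            print(f"{name}: [{check}] {detail}")
```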

3. If you can’t use IAM Policies, consider other alternatives to ACLs 

ACLs are used for different reasons such as multi-cloud architectures or sharing an object with an individual user. However, Google doesn’t recommend putting end users on object ACLs. 

Consider these alternatives instead: 

  • Signed URLs—Signed URLs allow you to delegate time-limited access to your Cloud Storage resources. When you generate a signed URL, its query string contains authentication information tied to an account with access (e.g. a service account). For example, you could send someone a URL that allows them to read a document, with access revoked after one week. 
  • Separate buckets—Audit your buckets and look for access patterns. If you notice that a group of objects all share the same object ACL set, consider moving them into a separate bucket so you can control access at the bucket-level. 
  • IAM conditions—If your app uses shared prefixes in object naming, you could also use IAM Conditions to share access based on those prefixes.
  • Delegation Tokens—You can use STS Tokens to grant time-limited access to Cloud Storage buckets and shared prefixes. 

4. Use HMAC keys for service accounts, not user accounts 

A hash-based message authentication key (HMAC key) is a type of credential used to create signatures included in requests to Cloud Storage. In general, Google suggests using HMAC keys for service accounts rather than user accounts. This helps eliminate the security and privacy implications of relying on accounts held by individual users. It also reduces the risk of service access outages as user accounts could be disabled when a user leaves a project or company.  

To further improve security, Google also recommends: 

  • Regularly changing your keys as part of a key rotation policy.
  • Granting service accounts the minimum access to accomplish a task (i.e. the principle of least privilege). 
  • Setting reasonable expiration times if you’re still using V2 signatures (or migrating to V4 signatures, which automatically enforce a maximum one-week time limit). 
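The expiration advice above, and the signed URL alternative in section 3, can be enforced by inspecting signed URLs before they are handed out. The following is an added example, not code from the original post: it reads the lifetime from a V4 URL (`X-Goog-Date` plus `X-Goog-Expires`) or the absolute expiry from a V2 URL (`Expires`) and flags anything longer than a local policy. The sample URLs, the placeholder signatures and the one-hour default policy are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

V4_MAX_SECONDS = 7 * 24 * 3600  # the one-week ceiling for V4 signatures

# Constructed sample URLs; signatures are placeholders, not real values.
V4_SAMPLE = ("https://storage.googleapis.com/example-bucket/report.pdf"
             "?X-Goog-Algorithm=GOOG4-RSA-SHA256"
             "&X-Goog-Credential=sa%40example-project.iam.gserviceaccount.com"
             "%2F20210114%2Fauto%2Fstorage%2Fgoog4_request"
             "&X-Goog-Date=20210114T000000Z&X-Goog-Expires=604800"
             "&X-Goog-SignedHeaders=host&X-Goog-Signature=PLACEHOLDER")
V2_SAMPLE = ("https://storage.googleapis.com/example-bucket/old.csv"
             "?GoogleAccessId=sa%40example-project.iam.gserviceaccount.com"
             "&Expires=1924992000&Signature=PLACEHOLDER")


def check_signed_url(url, now, policy_max=3600):
    """Return (version, expires_at, issues) for a Cloud Storage signed URL."""
    q = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    issues = []
    if "x-goog-date" in q and "x-goog-expires" in q:
        version = "v4"
        issued = datetime.strptime(q["x-goog-date"], "%Y%m%dT%H%M%SZ")
        issued = issued.replace(tzinfo=timezone.utc)
        lifetime = int(q["x-goog-expires"])
        if lifetime > V4_MAX_SECONDS:
            issues.append("over-v4-max")
        elif lifetime > policy_max:
            issues.append("over-policy")
        expires_at = issued + timedelta(seconds=lifetime)
    elif "googleaccessid" in q and "expires" in q:
        # V2 URLs carry only an absolute expiry (epoch seconds), so the best
        # available check is how long the URL stays valid from now.
        version = "v2"
        expires_at = datetime.fromtimestamp(int(q["expires"]), tz=timezone.utc)
        if (expires_at - now).total_seconds() > policy_max:
            issues.append("long-lived-v2")
    else:
        return ("unsigned", None, ["no-signed-url-parameters"])
    if expires_at <= now:
        issues.append("expired")
    return (version, expires_at, issues)


if __name__ == "__main__":
    now = datetime(2021, 1, 15, tzinfo=timezone.utc)
    for sample in (V4_SAMPLE, V2_SAMPLE):
        print(check_signed_url(sample, now))
```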

To learn more about Cloud Storage and more ways to keep your data safe and compliant, check out Google’s access control documentation.
