Spacewell and its cloud partner Google have many rules, regulations, contracts, and policies in place to ensure your data is always safe and cannot be accessed (link back to chapter 3). By default, all data at rest is encrypted. This means that even if Google personnel were to gain access to your data, they would not be able to read it. For 95% of Spacewell’s clients, the default encryption provided by Spacewell and its cloud partner Google is sufficient.

While extended encryption offers additional security benefits, it's important to weigh those advantages against potential drawbacks for your specific use case with Spacewell in the Google Cloud Platform (GCP). Here's a breakdown of why extended encryption might be considered overkill:

Limited Impact on Patriot Act Concerns:

  • Strong Cloud Provider Protections: Google, like other major cloud providers, has robust legal teams and established procedures to resist government data access requests, especially when data resides in the EU and could violate GDPR. The Patriot Act's reach is debatable in such cases.

  • Focus on Data Minimization: Spacewell is storing only the minimum amount of client data necessary. This minimizes the potential impact of any data access attempt.

Audit vs. GCP Security:

  • GCP's Built-in Monitoring: GCP offers comprehensive logging and monitoring capabilities that detail user access to data. This allows Spacewell to track access and detect suspicious activity without needing extended encryption for auditing purposes.

Compliance Considerations:

  • GCP's Compliance Certifications: GCP adheres to a wide range of industry regulations, including many relevant to the building management sector. Utilizing GCP's built-in security features often satisfies compliance requirements without the need for extended encryption.

Security Benefits:

  • GCP's Defence-in-Depth Approach: GCP employs multiple layers of security, including encryption at rest and in transit. Even in a breach scenario, attackers would face significant hurdles before accessing data.

  • Focus on Shared Responsibility: Security is a shared responsibility between Spacewell and GCP. By leveraging GCP's robust security measures, Spacewell can ensure a strong overall security posture without needing extended encryption.

Key Management Complexity:

  • Increased Management Burden: Managing your own encryption keys adds complexity. Key rotation, access control, and potential revocation require dedicated resources and expertise that might not be necessary with GCP's KMS.

The Takeaway:

For Spacewell Workplace, leveraging GCP's default encryption along with its robust security features and compliance certifications might be sufficient to ensure a high level of data security. Extended encryption offers additional control, but it comes with increased complexity and may not significantly address concerns like the Patriot Act due to existing legal protections.

Recommendation:

Carefully evaluate your specific security needs and compliance requirements. Discuss your concerns with Spacewell security experts to determine if extended encryption is truly necessary for your solution. In the following chapters, we will elaborate further on the possibilities Spacewell and its cloud partner Google offer to be in tighter control of your data. Please note that the solutions discussed in the following chapters are not available off-the-shelf and hence require dedicated time from both Spacewell experts and security experts on your side.

  • Why extend default encryption?

  • What extended encryption options are available? (leave out the price column)

  • How Cloud HSM works

  • How Cloud EKM & EHSM works

  • Cloud HSM VS Cloud EKM

  • Data encryption diagram

 
