Spacewell and its cloud partner Google have many rules, regulations, contracts, and policies to ensure your data is always safe and cannot be accessed How Google protects your data. By default, all data at rest is encrypted. This means that even if Google personnel were to gain access to your data, they would not be able to read it. For 95% of Spacewell's clients, the default encryption provided by Spacewell and its cloud partner, Google, is sufficient.
While extended encryption offers additional security benefits, weighing those advantages against potential drawbacks for your specific use case with Spacewell in the Google Cloud Platform (GCP) is important. Here's a breakdown of why extended encryption might be considered overkill:
Limited Impact on Patriot Act Concerns:
Strong Cloud Provider Protections: Google, like other major cloud providers, has robust legal teams and established procedures to resist government data access requests, mainly when data resides in the EU and could violate GDPR. The Patriot Act's reach is debatable in such cases.
Focus on Data Minimization: Spacewell only stores the minimum amount of client data necessary. This minimizes the potential impact of any data access attempt.
Audit vs. GCP Security:
GCP's Built-in Monitoring: GCP offers comprehensive logging and monitoring capabilities that detail user access to data. This allows Spacewell to track access and detect suspicious activity without extended encryption for auditing purposes.
Compliance Considerations:
GCP's Compliance Certifications: GCP adheres to a wide range of industry regulations, including many relevant to the building management sector. Utilizing GCP's built-in security features often satisfies compliance requirements without extended encryption.
Security Benefits:
GCP's Defence-in-Depth Approach: GCP employs multiple layers of security, including encryption at rest and in transit. Even in a breach scenario, attackers face significant hurdles before accessing data.
Focus on Shared Responsibility: Security is a shared responsibility between Spacewell and GCP. By leveraging GCP's robust security measures, Spacewell can ensure a solid security posture without extended encryption.
Key Management Complexity:
Increased Management Burden: Managing your encryption keys adds complexity. Key rotation, access control, and potential revocation require dedicated resources and expertise that might not be necessary with GCP's KMS.
The Takeaway:
For Spacewell Workplace, leveraging GCP's default encryption along with its robust security features and compliance certifications might be sufficient to ensure high data security. Extended encryption offers additional control but comes with increased complexity and may not significantly address concerns like the Patriot Act due to existing legal protections.
Recommendation:
Carefully evaluate your specific security needs and compliance requirements. Discuss your concerns with Spacewell security experts to determine if extended encryption is necessary for your solution. In the following chapters, we will elaborate further on the possibilities Spacewell and its cloud partner Google offer to be in tighter control of your data. Please note the solutions discussed in the further chapters are not available off-the-shelf and hence require specific dedicated time from both Spacewell experts and security experts at your side.