Data encryption and registration
Effective Date: May, 2018.
We log all platform API requests, such as web requests and access to storage segments and user accounts. Thanks to the Cloud Platform tools, we can read operations and access logs from Compute Engine, App Engine, BigQuery, Cloud SQL, Deployment Manager, Cloud VPN and Cloud Storage.
Cloud Platform services always encrypt the content of the clients that are stored at rest, without having to take any action. For this purpose, one or more encryption mechanisms are used, with some minor exceptions. For example, new data that is stored on persistent disks is encrypted by the 256-bit advanced encryption standard, and each encryption key is encrypted in turn with a set of master keys that it rotates periodically. Nextinit data (and its clients) uses the same encryption and encryption key policies, cryptographic libraries, and trusted “roots” that are used for many of Google’s production services, such as Gmail, and for their own Google corporate data.