Google Cloud Data Engineer Exam - Encryption Review Notes

2018-08-15  塞小娜

Encryption accounts for only a small number of questions on the Google Cloud Data Engineer exam, but it is still a topic to review.

After studying this topic, 小娜 strongly recommends Google's official talk (in English):
https://www.youtube.com/watch?v=StJ1NOQjAjo

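The speaker is a product manager for security at Google. The talk goes from basic to advanced, which is much better than the documentation, where it is hard to know where to start.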

The speaker talks fairly fast, so 小娜 took screenshots of a few important slides to share with everyone:


Data at rest on Google Cloud is encrypted by default. There are three options:

  1. Default Google encryption
    -> created by Google
    -> managed by Google
    -> by default

  2. Customer-managed encryption keys (CMEK)
    -> created by Google
    -> managed by customer
    -> generally available

  3. Customer-supplied encryption keys (CSEK)
    -> supplied by customer
    -> managed by Google
    -> available for GCE and GCS only


KEKs are located on Key Management Service (KMS)


Key rotation:
-> automatic: rotate on a schedule, say every 30 days
-> manual: call API, or on UI

Separation of duties:
The people who set the encryption keys are not the people who use the encryption keys
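An added example (not from the talk or from Google): a small audit of the two controls above, run over constructed data. It assumes the IAM policy uses the standard `bindings` layout, that keys carry a `rotationPeriod` duration string such as `"2592000s"`, and a 30-day limit taken from the note above; member and key names are made up.

```python
# Predefined Cloud KMS roles: one manages keys, the others use them.
MANAGE_ROLES = {"roles/cloudkms.admin"}
USE_ROLES = {
    "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    "roles/cloudkms.cryptoKeyEncrypter",
    "roles/cloudkms.cryptoKeyDecrypter",
}
MAX_ROTATION_SECONDS = 30 * 24 * 3600  # assumption: the "say 30 days" above


def duty_violations(policy):
    """Return members who can both manage and use keys (sorted)."""
    managers, users = set(), set()
    for binding in policy.get("bindings", []):
        members = set(binding.get("members", []))
        if binding.get("role") in MANAGE_ROLES:
            managers |= members
        if binding.get("role") in USE_ROLES:
            users |= members
    return sorted(managers & users)


def rotation_findings(keys):
    """Return names of keys with no automatic rotation or a period over the limit."""
    findings = []
    for key in keys:
        period = key.get("rotationPeriod")  # absent means manual rotation only
        if period is None or float(period.rstrip("s")) > MAX_ROTATION_SECONDS:
            findings.append(key["name"])
    return findings


# Constructed sample data (not real accounts or keys).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/cloudkms.admin",
     "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
     "members": ["serviceAccount:app@example.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
]}
SAMPLE_KEYS = [
    {"name": "key-30d", "rotationPeriod": "2592000s"},
    {"name": "key-90d", "rotationPeriod": "7776000s"},
    {"name": "key-manual"},
]

if __name__ == "__main__":
    print("manage+use:", duty_violations(SAMPLE_POLICY))
    print("rotation:", rotation_findings(SAMPLE_KEYS))
```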
