Data Encryption
Data in Transit
The service supports only HTTPS communication. The web server is configured to allow only incoming connections protected with TLS 1.2 or higher. A certification authority certificate is used.
Data at Rest
All customers' data hosted in Google Cloud is encrypted using the AES-256 encryption algorithm, including Google Cloud Storage and Cloud SQL Service databases.
Keys Management
Encryption keys are managed using Cloud Key Management Service (KMS). Access to Cloud KMS is restricted by role, and strictly managed. Access to the actual keys is prohibited. Encryption keys are customer-specific and are unique for each customer/tenant. The customer does not have access to the Key Management Service nor to managing the keys in the Google Security Operations SOAR-hosted service environment. Encryption keys are rotated on an annual basis.