what are the security features in BigQuery?

Question

I explored that BigQuery will take care of encrypting the data.

I would like to know about what are the security features that we need to take care when we need to work with BigQuery?

Answer 1

This is a general question as you do not specify what exactly you want to achieve. BigQuery have a few security mechanisms:

In general all data in GCP is encrypted at rest, however you can also use Cloud KMS keys to encrypt it differently.

Cloud KMS keys used to protect your data in BigQuery are AES-256 keys. These keys are used as key encryption keys in BigQuery, in that they encrypt the data encryption keys that encrypt your data.

BigQuery also supports Cloud DLP which protects you from showing sensitive data.

Cloud DLP is a fully managed service that lets Google Cloud customers identify and protect sensitive data at scale. Cloud DLP uses more than 100 predefined detectors to identify patterns, formats, and checksums. Cloud DLP also provides a set of tools to de-identify your data including masking, tokenization, pseudonymization, date shifting, and more, all without replicating customer data.

In BigQuery documentation, you have Securing BigQuery resources chapter with Predefined roles and permissions, Column-level security and few more. Depending on your needs you can choose how you want to secure it.

In addition, you can find also some guidelines in the internet like:

• Hardening GCP BigQuery security: access controls explained
• How To Control Access To BigQuery At Row Level With Groups