IL-SUNG LEE: Hi. My name is Il-Sung Lee. And I'm a product manager for the Google Cloud Platform. I'm here to discuss our External Key Management product or Cloud EKM for short. And along with me, I have Anand Kashyap up from Fortanix to talk about their integration with Cloud EKM. 

Thanks for being here, Anand.

ANAND KASHYAP: Thanks for having me.

IL-SUNG LEE: With Cloud EKM, you can now use and store encryption keys outside of Google to help protect your data in BigQuery, Compute Engine, as well as the direct symmetric key encryption   with Cloud KMS. So Anand, how would I protect my data in BigQuery with the key that's managed in Fortanix?

ANAND KASHYAP: Sure, Il-Sung. Let me show you what we have done together. So with this integration, you can manage your cryptographic keys outside GCP but use them inside GCP. And as a customer, you get complete control of your keys throughout its lifecycle. So let's dive in.

IL-SUNG LEE: So, I see we have an instance of BigQuery already set up. I assume that this instance is using a key in Fortanix SDKMS to protect the data.

ANAND KASHYAP: Yes, that's right. Let me run a query to show that everything is working as expected.

IL-SUNG LEE: Well, that just shows that BigQuery is operating normally. How do we know that the data at rest is actually being protected by Fortanix key?

ANAND KASHYAP: That's easy. Let me show you what happens when I go to the Fortanix console and disable the key. Now let's run the query again.

IL-SUNG LEE: That was really easy. But what would you say is the biggest benefit for customers who want to host their keys outside of Google?

ANAND KASHYAP: So, the biggest benefit for customers is that they can have complete control over their keys, even when they're bringing their most sensitive data and workload into the Google Cloud.This is a level of control that was never available before. And now it's available in GCP.Several organizations are looking to move their data and workload into the public cloud.But they're held back because of compliance reasons or regulatory reasons or maybe some customers are still early in their cloud migration journey, and they're not comfortable with the cloud holding onto their keys.With this integration, those organizations can move to the cloud, move the data to the cloud, but still get the same level of security for their keys that they're used to in their own on-prem environments.

IL-SUNG LEE: I think I would have to completely agree. What is the advantage for a customer to use Fortanix's integration with Cloud EKM?

ANAND KASHYAP: The biggest benefit for customers, or the biggest advantage for customers is that they still get the same level of control over their key that they're used to in their on-prem environment. And with Fortanix-managed keys, they get three things. They get simplicity - As you saw in the demo, it's very easy. With just a few clicks, you can get the integration done, and you can start using a Fortanix-managed key in Google.The second thing is security - The product is built using the runtime encryption platform that we have built, using the Intel SGX Secure Enclave technology. So, your keys are protected at all times.The third thing you get is scalability - So we have built a distributed architecture, where the keys are replicated. And we have an infinitely scalable architecture. As your requirements increase, you can still manage your keys in Fortanix.

IL-SUNG LEE: That sounds great. So how would customers find out more about this?

ANAND KASHYAP: Customers can visit us at And they can also send us an email at We can show them a live demonstration, or they can sign up for a Fortanix account and a GCP account and they can do - test drive the entire integration by themselves.

IL-SUNG LEE: Well, thanks, Anand. I'd like to thank Fortanix for visiting us today and demonstrating their integration with Cloud EKM.If you'd like more information on Cloud EKM, please visit us at


Related Reading