Blah...
And every layer of security will have a back door that will search, index and file your content.
At the Google Cloud Next conference in London today the adtech company's enterprise tech arm declared that business clients would soon enjoy location restriction policies and other new tools of control freakery on Google Cloud Platform (GCP). Google, photo by lightpoet via Shutterstock What's holding you back from Google …
...which is why Google still does not support at-rest encryption of the data stored on its cloud. You'll need to add a third-party plugin like Syncdocs https://syncdocs.com to encrypt your files on Google Drive.
How Google plan on restricting access to certain regions is unknown. Will they do it via an IP geolocation database, or via the Google user's self-reported country?
"...which is why Google still does not support at-rest encryption of the data stored on its cloud"
- except your statement couldn't be more wrong as Google has always provided encryption at rest for all data:
https://cloud.google.com/security/encryption-at-rest/
If you want to manage your own encryption keys then that's not universally supported on all products, but show me a public cloud that does.
And the case of locking out a user based upon a location which they are most definitely not. True, that could be considered the user's fault, thus requiring a change in VPN apparent location but the prevalence of VPN's is increasing and not all users are really aware of complications that can result. It took quite a while (read years) to convince my bank that my machine was all over the planet.
This piece is more noticeable for what it omits that for what it says.
The thing that most surprised me is that, although it seems that you can lock things regionally so that system management and access are restricted to a particular geographic region, it doesn't say what, exactly, this means. Is a region a continent? the EU? a country? a region within a country? a city? a building with a postal address? All or none of these? Can the same restrictions apply to the location of stored data, i.e. can I configure things so that, as an EU or UK based data controller, I can be guaranteed that my data will never be stored on UASian servers?
And last but not least, there's no reference to how this data storage and access scheme maps onto the GDPR. It would be interesting to know if this question was asked and, if it was, what the response was.
I've read the article together with the Google document it links to and the relevant document that the latter links to, but none of these mentions GDPR or covers user control over data storage location in other than the most general terms: neither of the linked documents give any more detail than El Reg's write-up.
A region is like an AWS region - essentially a data center campus comprising 3 or more isolated availability zones.
You can already define one or more regions where resources like databases reside if you want to keep your data outside of the US, for example. This announcement (which I wasn't at) seems to add restrictions to, say, prevent users accessing that data from outside your region, or creating resources in the US. For example.
This post has been deleted by its author