Many organizations deploy data warehouses that store confidential information so that they can analyze the data for a variety of business purposes. This document is intended for data engineers and security administrators who deploy and secure data warehouses using BigQuery. It’s part of a security blueprint that’s made up of the following:
- A GitHub repository that contains a set of Terraform configurations and scripts. The Terraform configuration sets up an environment in Google Cloud that supports a data warehouse that stores confidential data.
- A guide to the architecture, design, and security controls that you implement by using this blueprint (this document).

This document discusses the following:
- The architecture and Google Cloud services that you can use to help secure a data warehouse in a production environment.
- Best practices for data governance when creating, deploying, and operating a data warehouse in Google Cloud, including data de-identification, differential handling of confidential data, and column-level access controls.