Compliance in Australia with Assured Workloads

Key Takeaways

hi I'm Chloe a developer advocate for Google cloud and in this video I'll walk you through how you can use assured workloads to support your data residency and other compliance and security requirements in Australia [Music] Google Cloud customers use assured workloads to help protect the sensitive data they store and process on Google Cloud assured workloads enforces security controls and guard rails needed to protect infrastructure while maintaining compliance for customers who wish to establish Australian data residency customers can specify the Google Cloud regions in Australia where their data will be stored and ensure that it will remain there assured workloads implements a Google Cloud platform organization policy that restricts customer data to being stored in a specific region customers can choose from the current cloud regions in Australia Melbourne and Sydney this is coupled with our new assured support service which means that customer support will be provided from only five countries United States Australia Canada New Zealand and the United Kingdom this ensures that only Personnel in one of those locations are allowed to provide support to a regulated customer in Australia this control also restricts access to customer data to individuals who meet this requirement during the resolution of a customer initiated support case through assured workloads controls support meets the requirements of the Australian government's information security registered assessors program and the hosting certification framework which is administered by the Australian government's digital transformation agency let's take a closer look on how to get started with assured workloads for Australia first visit the Google Cloud console at cloud.google.com console before you can set up an assured workloads environment you must select an organization then navigate to the compliance section in the compliance section you will have to create a new assured workloads folder or use an existing assured workloads folder within your organization's Cloud hierarchy for each existing folder you can see its name creation time compliance type data region and labels click create to create a new assured workloads folder you will first need to check that you meet the prerequisites for folder creation this means having access transparency enabled for your organization this provides you an audit trail of support actions a premium subscription to assured workloads this is required for assured workloads for Australia next select the geographic area in which you aim to meet data residency requirements assured workloads offers control in Australia but also in the EU the US and Canada as of today let's pick Australia as you can see assured support provides customers 24 7 access to Google Cloud technical support from five specific countries United States Canada Australia United Kingdom and New Zealand support is provided in the English language it sets data location controls to available Australia regions let's pick Australia regions with assured support and click next specify the Australia region you would like to restrict your workload to select australia-southeast one which corresponds to the Sydney region and click next select the parent folder you registered earlier as the place where your new folder will live then give your assured workloads folder a name and click next the last step is configuring your key management project in key ring this will create a separate Key Management project within your assured workloads folder and a key ring in which to place your keys the key ring sets you up to utilize customer managed encryption keys or externally managed encryption keys click next this brings you to the review section where you can review compliance type details folder name and location as well as supported products click create to create the assured workloads folder now you will see the new assured workloads folder in your list from this point forward any folder or project created inside of this folder will inherit the guardrails you specified now that your folder is created you are able to set up encryption keys you'll see the encryption section which shows you information about the separate Key Management project created for you click on the project name to open it when entering a project inside the assured workloads regulatory boundary customers are presented with a regulatory intercept that warns them about entering sensitive data in the environment and logs their acknowledgment and access to the project now let's take a look at how you can create a cloud resource within your assured workloads folder create a new project within the assured workloads folder you created earlier make sure to set the location appropriately once your project is created select it and acknowledge the compliance agreement navigate to the cloud storage section of the console click create bucket give your bucket a name select the default options for location storage class and access control as you can see we have several options to store our data we can select from different multi-region options however because of the data residency controls we set previously this should not succeed we'll create this bucket and ensure that we're enforcing Public Access prevention this alert lets us know that it is blocking our ability to deploy this bucket in the United States since it violates the constraints for the resource location in other words only a valid region would be a valid selection so if we select the correct dual region you'll see that we're able to create a bucket in a location that aligns with our data residency requirements that we specified when we first created the assured workloads folder at this point any files or objects uploaded to this bucket and their resources will be located in the Sydney region all the currently supported services and assured workloads are listed in our documentation under supported products see our Link in the description to stay current on what's new as we're adding more services regularly so there you have it a walkthrough of how you can get started with assured workloads in Australia to easily deploy supplementary data protection measures for workloads on Google Cloud to learn more visit cloud.google.com assured Dash workloads take a look at the description on this video for more assured workloads resources and to see videos on how to build cloud workloads with compliance in mind thanks for watching thank you [Music]