Bucket Protector
Bucket Protector reduces the surface area for cybersecurity attacks, reducing the risk to the organization using this utility function while ensuring FIPS, PCI DSS, and HIPAA compliance when migrating workloads from other Cloud Service Providers onto Google Cloud.
Trusted By
Common Components
Platform
Bucket Protector is developed in Java and migrates data to the Cloud for automatic deidentification or encryption.
Data Masking
Offers a range of data protection techniques, including FPE, character masking, replacement, and redaction.
Integration
It allows users to import data from GCP, any Cloud Service, or a local computer and integrates with services like Cloud Storage, Cloud DLP API, and Cloud KMS or CloudHSM.
Key Management
Manages encryption keys securely using Cloud KMS or CloudHSM, with key metadata captured in a JSON file.
Compliance
Helps enforce data protection policies consistently and stay compliant with regulations like FIPS, PCI-DSS, HIPAA, and GDPR.
Provided
Features
| Features | Open Source | Enterprise Features |
|---|---|---|
| Redaction |
|
|
| Replacement |
|
|
| Masking |
|
|
| Format Preserving Encryption |
|
|
| Software-based Key generation |
|
|
| Key Management in Google Cloud Platform |
|
|
| Logging |
|
|
| Enhanced Key Protection using nCipher, Thales , Utimaco and Futurex HSM |
|
|
| 24*7 Customer Support |
|
|
| FIPS 140-2 Level 3 Compliant |
|
|
How does it work?
When a user transfers files to a designated Google Cloud Storage bucket, it triggers the Bucket Protector Google Cloud Function. This function automatically accesses the Google Cloud Data Loss Prevention (DLP) and Key Management Service (KMS) APIs. Based on the pre-configured settings, the data is then deidentified (using methods like masking, redaction, or replacement) or encrypted using Format Preserving Encryption (FPE). Finally, the protected data is stored back into the Google Cloud Storage bucket, ensuring your sensitive information is secured seamlessly.
