Saturday, October 12, 2019

Does Firebase encrypt data in transit as well as at rest?


Google Cloud Platform encrypts customer data stored at rest by default, with no additional action required from you.

Data in Google Cloud Platform is broken into subfile chunks for storage, and each chunk is encrypted at the storage level with an individual encryption key. The key used to encrypt the data in a chunk is called a data encryption key (DEK). Because of the high volume of keys at Google, and the need for low latency and high availability, these keys are stored near the data that they encrypt. The DEKs are encrypted with (or “wrapped” by) a key encryption key (KEK). Customers can choose which key management solution they prefer for managing the KEKs that protect the DEKs that protect their data.

In summary, the data is encrypted in transit, and it is stored on encrypted disks on the servers. If you enable local persistence on the device, the on-device data is not encrypted.

But administrators of the app can see the data in the Firebase console. If it is a requirement of your app that administrators can't read this data, then you'll need to encrypt it on the client before sending it to Firebase.
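The sketch below is an added example, not code from Firebase or from the sources referenced here. It encrypts a record on the client before it would be written, reusing the DEK/KEK envelope pattern described above. The function names, the stored field layout and the sample path are assumptions, and the KEK is assumed to be held only by the client.

```javascript
// Added example: client-side envelope encryption (Node.js built-in crypto).
const nodeCrypto = require('node:crypto');

// AES-256-GCM encrypt; returns base64 fields that fit in a JSON database value.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // fresh random nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Reverse of seal(); throws if the key, the AAD or any stored field is wrong.
function open(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'base64'));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(Buffer.from(box.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(box.ct, 'base64')), d.final()]);
}

// One fresh DEK per record, wrapped by the client-held KEK. The database path
// is bound as AAD, so a ciphertext copied to another path fails to decrypt.
function encryptRecord(kek, path, record) {
  const dek = nodeCrypto.randomBytes(32);
  return {
    v: 1, // hypothetical format version field
    wrappedDek: seal(kek, dek, 'dek:' + path),
    data: seal(dek, Buffer.from(JSON.stringify(record)), 'data:' + path),
  };
}

function decryptRecord(kek, path, stored) {
  const dek = open(kek, stored.wrappedDek, 'dek:' + path);
  return JSON.parse(open(dek, stored.data, 'data:' + path).toString('utf8'));
}

// Constructed sample values. A real KEK must be generated or derived on the
// client and never written to the database alongside the data it protects.
const sampleKek = nodeCrypto.randomBytes(32);
const samplePath = 'users/u1/notes/n1';
const sampleStored = encryptRecord(sampleKek, samplePath, { body: 'private diary text' });
console.log(JSON.stringify(sampleStored));                    // what the console would show
console.log(decryptRecord(sampleKek, samplePath, sampleStored)); // what the key holder reads
```

The object returned by `encryptRecord` is what the client would send to Firebase in place of the plaintext record; anyone without the KEK, including someone viewing the console, sees only the base64 fields.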


references:
https://stackoverflow.com/questions/38788258/encryption-of-data-between-clients-and-firebase-real-time-database
https://cloud.google.com/security/encryption-at-rest/#googles_default_encryption


