Section 4: Data Management - DEEPSEEK

Least Privileged Access

Granting users only the permissions essential for their tasks to minimize security risks.

IAM Basic Roles

Predefined roles (e.g., Viewer, Editor, Owner) offering broad access across Google Cloud services.

IAM Predefined Roles

Granular roles for specific services (e.g., BigQuery Data Viewer, Cloud Storage Admin).

Cloud Storage Access Control

Methods like IAM policies, ACLs, or signed URLs to manage data access permissions.

Public Access

Allowing anonymous users to read/write Cloud Storage buckets (use with caution).

Uniform Access Control

Applying consistent IAM policies across all objects in a Cloud Storage bucket.

Analytics Hub

A service for securely sharing and subscribing to curated datasets across organizations.

Data Sharing Governance

Policies and tools to control how data is shared internally or externally.

Cloud Storage Classes

Storage tiers (Standard, Nearline, Coldline, Archive) optimized for cost and access frequency.

Lifecycle Rules

Automated policies to delete, archive, or downgrade storage class of objects over time.

Retention Requirements

Business or regulatory rules dictating how long data must be preserved.

Object Deletion Rules

Configuring automatic deletion of Cloud Storage objects after a set period.

Data Archiving

Storing rarely accessed data in low-cost services like Archive Storage or Coldline.

High Availability

Designing systems to remain operational during outages (e.g., multi-regional redundancy).

Disaster Recovery

Strategies to restore data after catastrophic events (e.g., backups, cross-region replication).

Backup Solutions

Google-managed options (e.g., Cloud SQL automated backups) or custom snapshots.

Replication Use Cases

Copying data across regions for compliance, latency reduction, or redundancy.

Primary Storage Location

The main region where data is stored and accessed (e.g., regional buckets).

Secondary Storage Location

A backup region for redundancy (e.g., dual-regional or multi-regional buckets).

Regional Redundancy

Storing data in multiple zones within a single geographic region.

Multi-Regional Redundancy

Distributing data globally across regions for maximum availability.

CMEK (Customer-Managed Keys)

Encryption keys managed by the user via Cloud KMS for granular control.

CSEK (Customer-Supplied Keys)

Encryption keys provided by the customer for Cloud Storage object encryption.

GMEK (Google-Managed Keys)

Default encryption keys managed automatically by Google Cloud.

Encryption in Transit

Securing data during transfer using protocols like TLS/SSL.

Encryption at Rest

Protecting stored data using encryption keys (e.g., CMEK, CSEK).

Cloud KMS

A service for managing encryption keys, including rotation and access policies.

GDPR Compliance

Adhering to EU data privacy regulations for user consent and data protection.

CCPA Compliance

Following California Consumer Privacy Act rules for data transparency and opt-out.

Data Sovereignty

Ensuring data is stored and processed in specific geographic locations per legal requirements.

Least Privileged Access

Granting users only the permissions essential for their tasks to minimize security risks.

IAM Basic Roles

Predefined roles (e.g., Viewer, Editor, Owner) offering broad access across Google Cloud services.

IAM Predefined Roles

Granular roles for specific services (e.g., BigQuery Data Viewer, Cloud Storage Admin).

Cloud Storage Access Control

Methods like IAM policies, ACLs, or signed URLs to manage data access permissions.

Public Access

Allowing anonymous users to read/write Cloud Storage buckets (use with caution).

Uniform Access Control

Applying consistent IAM policies across all objects in a Cloud Storage bucket.

Analytics Hub

A service for securely sharing and subscribing to curated datasets across organizations.

Data Sharing Governance

Policies and tools to control how data is shared internally or externally.

Cloud Storage Classes

Storage tiers (Standard, Nearline, Coldline, Archive) optimized for cost and access frequency.

Lifecycle Rules

Automated policies to delete, archive, or downgrade storage class of objects over time.

Retention Requirements

Business or regulatory rules dictating how long data must be preserved.

Object Deletion Rules

Configuring automatic deletion of Cloud Storage objects after a set period.

Data Archiving

Storing rarely accessed data in low-cost services like Archive Storage or Coldline.

High Availability

Designing systems to remain operational during outages (e.g., multi-regional redundancy).

Disaster Recovery

Strategies to restore data after catastrophic events (e.g., backups, cross-region replication).

Backup Solutions

Google-managed options (e.g., Cloud SQL automated backups) or custom snapshots.

Replication Use Cases

Copying data across regions for compliance, latency reduction, or redundancy.

Primary Storage Location

The main region where data is stored and accessed (e.g., regional buckets).

Secondary Storage Location

A backup region for redundancy (e.g., dual-regional or multi-regional buckets).

Regional Redundancy

Storing data in multiple zones within a single geographic region.

Multi-Regional Redundancy

Distributing data globally across regions for maximum availability.

CMEK (Customer-Managed Keys)

Encryption keys managed by the user via Cloud KMS for granular control.

CSEK (Customer-Supplied Keys)

Encryption keys provided by the customer for Cloud Storage object encryption.

GMEK (Google-Managed Keys)

Default encryption keys managed automatically by Google Cloud.

Encryption in Transit

Securing data during transfer using protocols like TLS/SSL.

Encryption at Rest

Protecting stored data using encryption keys (e.g., CMEK, CSEK).

Cloud KMS

A service for managing encryption keys, including rotation and access policies.

GDPR Compliance

Adhering to EU data privacy regulations for user consent and data protection.

CCPA Compliance

Following California Consumer Privacy Act rules for data transparency and opt-out.

Data Sovereignty

Ensuring data is stored and processed in specific geographic locations per legal requirements.