MyRef: Secure a BigQuery data warehouse that stores confidential data 

Many organizations deploy data warehouses that store confidential information so that they can analyze the data for a variety of business purposes. This document is intended for data engineers and security administrators who deploy and secure data warehouses using BigQuery. It’s part of a security blueprint that’s made up of the following:

  • GitHub repository that contains a set of Terraform configurations and scripts. The Terraform configuration sets up an environment in Google Cloud that supports a data warehouse that stores confidential data.
  • A guide to the architecture, design, and security controls that you use this blueprint to implement (this document).

This document discusses the following:

  • The architecture and Google Cloud services that you can use to help secure a data warehouse in a production environment.
  • Best practices for data governance when creating, deploying, and operating a data warehouse in Google Cloud, including data de-identification, differential handling of confidential data, and column-level access controls.


The confidential data warehouse architecture.
The resource hierarchy for a confidential data warehouse.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *