Encryption at rest in Elastic Cloud: Bring your own key with Google Cloud

Elastic Cloud has introduced a feature allowing users to implement encryption at rest on Google Cloud using their own encryption keys via Google Cloud Key Management Service (KMS). This process, known as Bring Your Own Key (BYOK), requires users to have the appropriate Google Identity and Access Management (IAM) permissions to create and manage their keys within a Google Cloud key ring in the same region as their Elastic deployment. An Enterprise license is necessary for BYOK, and users must ensure they have access control permissions to manage their new key resources. The setup involves creating a Google Cloud key, granting necessary permissions to Elastic service accounts, and completing the Elastic deployment with the specified key. Verification, key rotation, and revocation processes are managed through Google Cloud KMS, with Elastic Cloud responding within a day to key rotations and within 30 minutes to key revocations. This integration enhances the security of Elastic Cloud deployments by allowing users to control their encryption keys.