Encryption of Data at Rest and in Transit

Our application, built on Python Flask and React, ensures the security of data through comprehensive encryption practices:

  1. Data at Rest:
    • Cloud SQL: All data stored, including backups and temporary files, is encrypted at rest using Google-managed keys by default.
    • App Engine: Data managed by App Engine, such as application logs and datastore contents, is secured with default encryption at rest via Google-managed keys.
    • Cloud Functions: Data produced and stored by Cloud Functions, including execution logs and environment variables, is automatically encrypted at rest using Google-managed keys.
    • Cloud Storage: All stored objects are encrypted at rest using Google-managed keys by default, ensuring robust protection.
  2. Data in Transit:
    • All communications within our application, both external facing and internal, occur over HTTPS, ensuring that data transmitted between clients and servers is encrypted and secure against interception. This includes interactions from the web front end built with React to the back-end services running on Python Flask.
    • Our deployment in the App Engine Standard Environment benefits from Google’s built-in network security and encryption capabilities, ensuring that all data in transit is protected by the same robust standards.

By leveraging Google Cloud’s default encryption practices and secure communication protocols, we provide a secure environment for both storing and transmitting data. This adherence to security best practices ensures that our application meets industry standards for data protection.