Striim for BigQuery Documentation

Security

Striim for BigQuery is deployed as a Google Kubernetes Engine (GKE) pod on Google Cloud Platform (GCP). Much of the security for Striim for BigQuery, such as data encryption at rest, comes from the security infrastructure provided by GKE and GCP. For more information, see Google Kubernetes Engine (GKE) > Documentation > Guides > Security overview.

User metadata is stored in the GKE pod. This metadata can be accessed only by Striim DevOps personnel, and all such access generates an audit trail. Sensitive data, including BigQuery service account keys, source database passwords, and SSL keys and passwords, is not accessible to DevOps personnel.

Authentication

BigQuery authorizes access to resources based on a verified client identity. Striim for BigQuery uses the Google service account associated with your BigQuery project to access its API. You will grant required roles or permissions to your service account, and upload the service account key to Striim. See Connect to BigQuery for details on BigQuery roles and permissions.

Striim for BigQuery's default password policy enforces character variety and minimum length. Each individual user can change the password for their own account. Regardless of privilege level, no user account can manage the password for another account.

Access control

What users can access and do in Striim for BigQuery is controlled by roles. For more information, see Add users.

Encryption between services

All communication between your Striim Cloud Console and your Striim for BigQuery instances is encrypted using Transport Layer Security (TLS) 1.2.

REST API

REST API keys are specific to individual users and not accessible to other users or Striim DevOps personnel. An audit trail tracks all actions taken through the API for each user.