If you work with data and build a data warehouse you probably have some sensitive data that you want to keep secured.
While BigQuery encrypts all the data before it is written to the disk, once you have read access to the tables you can have full visibility of the data, including sensitive data and PII.
In this talk, we will describe a use case that shows how you can create a secure end-to-end process that encrypts at the application level the data before inserting it into BigQuery and allow users to decrypt it only in query time without the need of knowing the actual encryption key.
We will discuss important principles of data pipeline protection and we will see which out-of-the-box tools BigQuery provides us in order to perform such tasks.
Even if you don't use BigQuery as your data warehouse solution, you may still benefit from this talk, as you might get ideas on how to implement such principles on your own data platform.