An Overview on Amazon Redshift and Google BigQuery Security

Posted by tina on December 8, 2016 Data Governance

[Editor’s Note: This is our sixth installment in our “Data Warehouse Blog Series.” In our previous installment, we analyzed how Amazon Redshift and Google BigQuery handle maintenance. Click here to read our previous post Warehouse Maintenance: Amazon Redshift and Google BigQuery.]

As petabyte-scale, cloud-based data warehouses, Amazon Redshift and Google BigQuery each take their own approach to end-to-end security for their customers. Data warehouses require a flexible and powerful security infrastructure and operate with scalable requirements. Both Amazon Redshift and Google BigQuery (alongside their parent ecosystems) take security very seriously but handle it in different ways.

Amazon Redshift

As an Amazon Redshift user, you’re able to manage security for your data warehouse in a multitude of ways, from encrypting your workloads end-to-end to protecting access to your cluster, managing overall access for specific users and leveraging your own hardware security module (HSM, either on-premises or via AWS’s fully managed service). For the purposes of this whitepaper, we’ll focus on a few:

  • Virtual Private Cloud (VPC): To protect access to your cluster by using a virtual networking environment, you can launch your cluster in an Amazon VPC.

  • SSL connections: To encrypt the connection between your SQL client and your cluster, you can use SSL encryption.

  • Cluster encryption: To encrypt data in all your user-created tables, you can enable cluster encryption when you launch the cluster.
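
One way to check the three controls above against what a cluster actually reports, as an added example (not code from the original post or from AWS). It assumes input shaped like the boto3 Redshift `describe_clusters` and `describe_cluster_parameters` responses and treats the `require_ssl` parameter as the SSL enforcement setting; the sample clusters and group names are constructed.

```python
# Constructed sample data, shaped like boto3 Redshift API responses.
SAMPLE_CLUSTERS = [
    {"ClusterIdentifier": "analytics-prod", "VpcId": "vpc-0example",
     "Encrypted": True,
     "ClusterParameterGroups": [{"ParameterGroupName": "strict"}]},
    {"ClusterIdentifier": "scratch", "Encrypted": False,
     "ClusterParameterGroups": [{"ParameterGroupName": "default.redshift-1.0"}]},
]
SAMPLE_PARAMETERS = {
    "strict": [{"ParameterName": "require_ssl", "ParameterValue": "true"}],
    "default.redshift-1.0": [
        {"ParameterName": "require_ssl", "ParameterValue": "false"}],
}


def ssl_required(cluster, parameters_by_group):
    """True only if every attached parameter group sets require_ssl=true."""
    groups = cluster.get("ClusterParameterGroups", [])
    if not groups:
        return False
    for group in groups:
        params = parameters_by_group.get(group["ParameterGroupName"], [])
        values = {p["ParameterName"]: str(p.get("ParameterValue", "")).lower()
                  for p in params}
        if values.get("require_ssl") != "true":
            return False
    return True


def audit(clusters, parameters_by_group):
    """Map each cluster identifier to a list of findings (empty means pass)."""
    report = {}
    for cluster in clusters:
        findings = []
        if not cluster.get("VpcId"):  # VPC: a cluster in a VPC carries a VpcId
            findings.append("not launched in a VPC")
        if not ssl_required(cluster, parameters_by_group):  # SSL connections
            findings.append("SSL not enforced (require_ssl is not true)")
        if not cluster.get("Encrypted", False):  # Cluster encryption
            findings.append("cluster encryption disabled")
        report[cluster["ClusterIdentifier"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CLUSTERS, SAMPLE_PARAMETERS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

With live data, pass `describe_clusters()["Clusters"]` and a dictionary of `describe_cluster_parameters(...)["Parameters"]` keyed by parameter group name in place of the samples.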

Enterprise customers such as NASDAQ, FINRA and NTT Docomo have relied on Amazon Redshift for years and have accumulated petabyte-scale data because of its security and compliance. For a full list of ways to manage security within Amazon Redshift, read their Security Overview documentation.

Google BigQuery

Much like the entire Google Cloud Platform, Google BigQuery also encrypts all data at rest by default. Data encryption is a process that takes readable data as input and transforms it into an output that reveals little to no information about the input.

For the Google Cloud Platform ecosystem, encryption at rest reduces the attack surface and allows systems, like a Business Intelligence tool, to manipulate data for analysis without providing access to content.

For the Google Cloud Platform, “encryption at rest reduces the surface of attack by effectively ‘cutting out’ the lower layers of hardware and software stack.” For a full overview on Google Cloud Platform’s Security and Compliance, read their documentation.


Both AWS and Google Cloud Platform consider security a high priority for their customers. With that, both offer a variety of complementary services which can ensure your data warehouse is securely stored and transported, and protected from unauthorized access. Many companies, both large and small, trust Google and Amazon to store and process their most sensitive data.

In our next installment of our series, we’ll analyze the cost differences between Amazon Redshift and Google BigQuery. To learn how companies like Everlane and Reddit are leveraging data warehouses for hyper-growth, download our white paper What to Consider When Choosing Between Amazon Redshift and Google BigQuery now.
