Google Cloud SQL security and architecture

Regarding security, the data stored on Cloud SQL is encrypted within the tables, in temporary files, and in backup copies, and it is also encrypted while it moves from one server to another within the Google infrastructure, using secure network protocols. The platform infrastructure is therefore designed to ensure the security of its data at every stage of information management. No action is required by the user: the data is automatically encrypted by the platform through Compute Engine, so all the services it provides comply with these requirements.

From a design point of view, the security of the infrastructure on a global scale is organized according to a layered architecture. This architecture allows the safe use of services, data, and communications between services, users, and administrators.

Starting from the lowest level, that is, hardware, we have data centers that Google designs and builds itself, accessible only to a small number of employees and monitored by equipment such as metal detectors, video cameras, or biometric identification technologies. Individual data centers are made up of multiple servers connected to a single local network. Google itself verifies that the components, which it designs, and their suppliers meet the company's security standards. Each server machine is individually identified so that it can be easily traced, and each of its low-level components is checked by digital signature and validated at every start-up.

Moving to the software level, every application written for and run on the platform is run in multiple copies on multiple machines, so that each workload uses the amount of resources it needs. The software architecture is multi-tenant: a single instance of the software runs on a server and serves multiple tenants (that is, users who share access to the instance). It is the application's task to provide each tenant with a dedicated part of the instance. The concept is diametrically opposed to the multi-instance architecture, where there are several instances of the software, each dedicated to a single client.
