For a large-scale financial institution deploying machine learning models on GCP for fraud detection, with a stringent policy on data encryption at rest, in transit, and during ML computation, which GCP service or combination of services best aligns with these requirements?
- AI Platform Training with Customer-Managed Encryption Keys (CMEK)
- Data prep for feature engineering and AI Platform Prediction with default encryption
- AI Platform Training with CMEK and Secure ML
- BigQuery ML with CMEK and Data Loss Prevention API
- TensorFlow on GKE with Istio for in-transit encryption
Explanation:
The most suitable choice is AI Platform Training with Customer-Managed Encryption Keys (CMEK) and Secure ML. In this combination, CMEK encrypts the data at rest, while Secure ML provides additional security during the machine learning computation itself. This is vital for a financial institution that handles sensitive information and must adhere to stringent security and compliance standards. With CMEK, the institution customizes and manages the encryption keys itself, which gives it control over its data encryption practices. In contrast, the other options, such as using default encryption, BigQuery ML, or TensorFlow on GKE, might not fully meet the institution's comprehensive encryption requirements (at rest, in transit, and during computation) for its fraud detection models.