Google: Lock up your Compute Engine data with your own encryption keys

28 Jul 2015

Google Compute Engine now lets you bring your own encryption keys, free of charge.

The feature, officially named Customer-Supplied Encryption Keys, is available for free in beta in Canada, France, Germany, Japan, Taiwan, the United Kingdom, and the U.S. “You create and hold the keys, you determine when data is active or at rest, and absolutely no one inside or outside Google can access your at rest data without possession of your keys,” Google product manager Leonard Law wrote in a blog post today. “Google does not retain your keys, and only holds them transiently in order to fulfill your request.” Amazon Web Services, the biggest cloud infrastructure provider, introduced bring-your-own-key capability for its S3 storage service last year. Starting today, developers who use Google’s Compute Engine infrastructure-as-a-service platform will be able to bring their own security keys to the service.

Google’s announcement today is different in the sense that it’s enabling customers to use their own encryption keys for compute resources such as virtual machines. For those who take advantage of the option, their Google Compute Engine encryption keys will be deleted from Google’s servers once they’re passed on to the user end. Google already encrypts data on the platform, but it manages the keys itself, leading to concern among some that the company could be compelled to decrypt the data without the user’s permission.

It’s a security boost, effectively allowing for the decentralization of encryption keys and preventing them from being hacked in a security breach on Google’s servers. There remains the possibility that they could still be hacked at other vulnerable moments, such as when they’re generated or when data that hasn’t yet been encrypted is sent to Google; but overall this offers an important extra layer of security.

The program is similar to the key management system Box launched in February, although the Google program focuses on computing features rather than storage. Giving its cloud customers their own keys would give them more control of their security, close a feature gap with Amazon and Box and, potentially, attract more customers. As a Google spokesperson told us, the company expects that it will mostly be large organizations in heavily regulated industries like financial services and healthcare that will make use of this feature. Though users will have greater control, they should keep in mind what that means: If a customer loses the encryption keys, it’s game over — Google says it can’t help you access the lost keys or encrypted data.

Organizations are handling increasing amounts of important data online, and as serious hack attacks drag more of it out into the open, concerns are growing about security.
