The feature lets users create and hold the keys, determine when data is active or “at rest”, and prevent anyone accessing their at-rest data within the Google Cloud Platform.
Advertisement
“With Customer-Supplied Encryption Keys, we are giving you control over how your data is encrypted with Google Compute Engine”, Leonard Law, product manager for Google Cloud Platform for Enterprise, wrote in a blog post. The key used is of the 256-bit Advanced Encryption Standard, and every key in itself can also be encrypted with a frequently rotated set of grasp keys.
While Google doesn’t routinely monitor buyer knowledge on the Google Cloud, as Turner might have insinuated, the choice of…
Available in beta, the Customer-Supplied Encryption Keys are accessible in select countries via the Google Cloud Developers Console, API and command-line tool Gcloud.
That is probably a serious concern for individual users, but for companies handling sensitive data on the Google Compute Engine, it’s probably a manageable risk that is worth taking. This will enable you to bring your own keys to encrypt compute resources, the company says. “Customer-Supplied Encryption Keys marries the hardened encryption framework built into Google’s infrastructure with encryption keys that are owned and controlled exclusively by you”.
Advertisement
One customer looking forward to testing this option is Sungard Consulting Services, which uses GCE to run a customer service processing high-volume financial market transactions. “With Customer-Supplied Encryption Keys, we can independently control data encryption for our clients without incurring additional expenses from integrating third-party encryption providers. This control is critical for us to realize the price/performance benefits of the cloud in a highly regulated industry”. Google can’t help them if the keys are lost, or if users suffer their own security breaches.
