Google will now let cloud partners hold their own encryption keys

Google didn’t mention whether it plans to extend this feature to any of its other Cloud Platform services. For those who take advantage of the option, their Google Compute Engine encryption keys will be deleted on Google’s end once they’re passed on to the user.

Customer-Supplied Encryption Keys (CSEK) cover all forms of data used in Google’s Compute Engine, including data volumes, boot disks and SSDs. The feature is also free, because Google believes giving you control shouldn’t cost anything extra.

Customers are able to create and hold the keys, determining when data is active or on downtime, and Google does not retain them. Google already encrypts data on the platform, but it manages the keys itself, leading to concern among some that the company could be compelled to decrypt the data without the user’s permission.

“Security is as much about management as it’s about knowledge safety”, Google product supervisor Leonard Law writes immediately.

Jacob Ginsberg, senior director of Echoworx, criticises the new development, stating that it “will only affect businesses that use Google to host custom applications”. The feature is available in beta and applies to Google Compute Engine (GCE) data only.

“We don’t read your email”. This shot at Google heavily implies that the company could snoop on its customers. “We’re not listening to conversations in your house, driving cars up and down the street to do so”, Chief Operating Officer Kevin Turner said last week.

Quite the opposite. The search giant uses industry-standard 256-bit AES keys to safeguard the data kept in its cloud and follows strict security procedures that directly contribute to the fact that the platform has not experienced so much as a single major breach in the seven years since its launch.

Another note of caution is that the organization will have to be careful in managing its keys; a Google blog post makes it clear that if the keys are lost, Google cannot help with recovering the keys or the data.

New beta has recently been added to the Google Cloud Platform