Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Adds Server-side Encryption to Cloud Storage

Google said on Thursday that its Cloud Storage service now automatically encrypts all data before being stored to disk, which is automatically and transparently decrypted when read by an authorized user.

Google said on Thursday that its Cloud Storage service now automatically encrypts all data before being stored to disk, which is automatically and transparently decrypted when read by an authorized user.

At no additional charge, Google said that every Cloud Storage object’s data and metadata is now encrypted using the AES-128 (128-bit Advanced Encryption Standard), and each encryption key is itself encrypted with a regularly rotated set of master key.

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Dave Barth, Product Manager at Google, explained in a blog post. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

Users also have the option of managing their own encryption keys and encrypt data themselves prior to writing it to Cloud Storage.

Server-side encryption is already active for all new data written to Cloud Storage, Barth added, whether for creating new objects or overwriting existing objects.

There are no setup, configuration or modifications needed to how users access the service, and no visible performance impact. Older objects will be migrated and encrypted in the coming months, Google said.

Since Edward Snowden revealed details on US surveillance practices, mainly the PRISM program, many concerns have been raised about government access to data stored in the public cloud.

According to a report from The Information Technology and Innovation Foundation (ITIF), the revelations about the NSA obtains electronic data from third-parties will likely have a significant impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits.

Advertisement. Scroll to continue reading.

Back in July, Estonia on urged the European Union to rely less on US firms for “cloud” data storage, amid the tensions over claims of US spying and data surveillance.

“Recent months have proven once again that it’s very important for Europe to have its own data clouds that operate strictly under European legislation,” Estonian President Toomas Hendrik Ilves said in a statement at the time.

Because of these security and privacy concerns, the ITIF report said U.S. cloud computing could to lose $22 to $35 billion over the next three years.

While Google must comply with requests for user data when required by law, it has maintained a stance that it does not hand over any encryption keys to authorities.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.