Google said on Thursday that its Cloud Storage service now automatically encrypts all data before it is written to disk, and that the data is automatically and transparently decrypted when read by an authorized user.
Google said that, at no additional charge, every Cloud Storage object’s data and metadata are now encrypted using AES-128 (the 128-bit Advanced Encryption Standard), and that each encryption key is itself encrypted with a regularly rotated set of master keys.
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Dave Barth, Product Manager at Google, explained in a blog post. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”
Users also have the option of managing their own encryption keys and encrypting data themselves prior to writing it to Cloud Storage.
Server-side encryption is already active for all new data written to Cloud Storage, Barth added, whether for creating new objects or overwriting existing objects.
No setup, configuration or changes to how users access the service are needed, and there is no visible performance impact. Older objects will be migrated and encrypted in the coming months, Google said.
Since Edward Snowden revealed details on US surveillance practices, mainly the PRISM program, many concerns have been raised about government access to data stored in the public cloud.
According to a report from The Information Technology and Innovation Foundation (ITIF), the revelations about how the NSA obtains electronic data from third parties will likely have a significant impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits.
Back in July, Estonia urged the European Union to rely less on US firms for “cloud” data storage, amid the tensions over claims of US spying and data surveillance.
“Recent months have proven once again that it’s very important for Europe to have its own data clouds that operate strictly under European legislation,” Estonian President Toomas Hendrik Ilves said in a statement at the time.
Because of these security and privacy concerns, the ITIF report said U.S. cloud computing could lose $22 to $35 billion over the next three years.
While Google must comply with requests for user data when required by law, it has maintained a stance that it does not hand over any encryption keys to authorities.