Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Adds Server-side Encryption to Cloud Storage

Google said on Thursday that its Cloud Storage service now automatically encrypts all data before being stored to disk, which is automatically and transparently decrypted when read by an authorized user.

Google said on Thursday that its Cloud Storage service now automatically encrypts all data before being stored to disk, which is automatically and transparently decrypted when read by an authorized user.

At no additional charge, Google said that every Cloud Storage object’s data and metadata is now encrypted using the AES-128 (128-bit Advanced Encryption Standard), and each encryption key is itself encrypted with a regularly rotated set of master key.

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Dave Barth, Product Manager at Google, explained in a blog post. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

Users also have the option of managing their own encryption keys and encrypt data themselves prior to writing it to Cloud Storage.

Server-side encryption is already active for all new data written to Cloud Storage, Barth added, whether for creating new objects or overwriting existing objects.

There are no setup, configuration or modifications needed to how users access the service, and no visible performance impact. Older objects will be migrated and encrypted in the coming months, Google said.

Since Edward Snowden revealed details on US surveillance practices, mainly the PRISM program, many concerns have been raised about government access to data stored in the public cloud.

According to a report from The Information Technology and Innovation Foundation (ITIF), the revelations about the NSA obtains electronic data from third-parties will likely have a significant impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits.

Back in July, Estonia on urged the European Union to rely less on US firms for “cloud” data storage, amid the tensions over claims of US spying and data surveillance.

“Recent months have proven once again that it’s very important for Europe to have its own data clouds that operate strictly under European legislation,” Estonian President Toomas Hendrik Ilves said in a statement at the time.

Because of these security and privacy concerns, the ITIF report said U.S. cloud computing could to lose $22 to $35 billion over the next three years.

While Google must comply with requests for user data when required by law, it has maintained a stance that it does not hand over any encryption keys to authorities.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...