Google Expands Cloud Encryption Options
Responding to growing concerns about cloud security and data governance across different platforms, Google is expanding its cloud security options with the release of an encryption key management service.
The Cloud Key Management Service is intended to broaden encryption options on the Google Cloud Platform as the shift to multi-tenant cloud services expands. Google (NASDAQ: GOOGL) said Wednesday (Jan. 11) the service would allow cloud customers to store and manage server-side encryption keys on the Google Storage Cloud or on premises.
The key management service is currently in beta testing. The company noted that it has long used HTTPS to encrypt customer data but plans to offer the new key management service to enterprise customers.
The service allows management of encryption keys based on crypto algorithms used to both encrypt and decrypt data. The symmetric keys used to protect stored data could be used either on the Google Cloud Platform or in an enterprise datacenter, the company explained in a blog post.
Users "can create, use, rotate and destroy keys via our Cloud KMS API, including as part of a secret management or envelope encryption solution," added Maya Kaczorowski, a Google product manager.
The cloud provider is betting that customers in regulated industries such as financial services and healthcare will embrace hosted key management services as they struggle to comply with expanding data governance rules. Along with protecting encryption keys, the hosted service is touted as scalable while being easier to maintain and audit. It also would allow users to expand encryption of sensitive data.
The new service uses the Advanced Encryption Standard in Galois/Counter Mode (GCM), implemented in the same encryption library the search giant uses to encrypt internal data in Google Cloud Storage. The approach is designed to continually check for security holes, and incorporates a new open-source testing tool called Project Wycheproof. Developed and maintained by Google's security team, the tool is used to test cryptographic libraries against known cyber attacks.
The Google cloud currently offers data encryption by default. The new key management service allows keys to be stored in the cloud or retained on-premises to secure cloud services. That option is seen as important as enterprises shift to multiple clouds as a way to prevent vendor lock-in.
The encryption service also helps Google keep pace with, and differentiate its cloud services from, rivals Amazon Web Services (NASDAQ: AMZN) and Microsoft Azure (NASDAQ: MSFT), which offer similar key management tools.