Google's Cloud Lets You Bring Your Own Encryption Keys - InformationWeek
IoT
IoT
Cloud // Infrastructure as a Service
News
8/3/2016
10:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google's Cloud Lets You Bring Your Own Encryption Keys

By supplying their own encryption keys, organizations can reduce the chance that an outside party will be able to gain access to their data, at least while it's at rest. Now Google's cloud platform offers the option.

10 Hot Security Technologies Enterprises Need Now
10 Hot Security Technologies Enterprises Need Now
(Click image for larger view and slideshow.)

After more than a year of beta testing, Google Cloud Platform now officially supports customer-supplied encryption keys (CSEK) for Compute Engine, the company's infrastructure-as-a-service offering.

For IT organizations that take data security seriously, the ability to supply, control, and manage encryption keys has become highly desirable, for the sake of legal compliance and for simple reassurance. In a statement, Neil Palmer, CTO of advanced technology at FIS Global, a Google Cloud Platform customer, characterizes CSEK as "a critical feature."

Since Edward Snowden's 2013 revelations about the extent of online surveillance by government agencies, it has become clear that third-party cloud services can be compelled to provide encryption keys that they control. There's also the risk that cloud service providers may lose control of keys through vulnerabilities.

"With CSEK, disks at rest are protected with your own key that cannot be accessed by anyone, inside or outside of Google, unless they present your key," explain Google product managers Maya Kaczorowski and Eric Bahna in a blog post. "Google does not retain your keys and only holds them transiently to fulfill your request, such as attaching a disk or starting a VM."

According to Google's Transparency Report, government demands for user data have increased every year since the company began keeping track in 2009. The number of data breaches in the US reached 781 in 2015, only two shy of the record 783 breaches in 2014, according to the Identity Theft Resource Center.

(Image: Pixabay/Enigma encryption machine)

(Image: Pixabay/Enigma encryption machine)

Google began allowing customers to supply and manage their own encryption keys in June of last year. It's somewhat late to the game. Amazon Web Services began offering CSEK, also referred to as "bring your own key" (BYOK), on its S3 storage service in June 2014, and it added the AWS Key Management Service in November that year.

Microsoft Azure introduced support for CSEK in January, 2015. Box followed suit a month later. Last month, Salesforce jumped on the self-supplied encryption key bandwagon.

[See 7 Ways Cloud Computing Propels IT Security.]

While data encryption is advisable for any organization that has to protect data, it's not a guarantee that that data will remain secure. Earlier this year, the FBI sought to compel Apple's assistance to create a special version of iOS that would allow it to undo the encryption features built into the iPhone.

Apple resisted the demand, and the FBI ultimately was able to access the device with the help of a third party and an undisclosed vulnerability. The lesson here for information technology professionals is that any third-party involvement with data represents a potential point of failure for security.

Google presently offers CSEK in Canada, Denmark, France, Germany, Japan, Taiwan, the UK, and the US. Later this month, it plans to expand availability to Australia, Italy, Mexico, Norway, and Sweden.

(Cover Image: D3Damon/iStockphoto)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
IT Budgets: Traditional Still Bigger than Cloud
Jessica Davis, Senior Editor, Enterprise Apps,  9/20/2018
Commentary
Building a Smart City Doesn't Have a Common Blueprint
Guest Commentary, Guest Commentary,  9/18/2018
Commentary
AWS vs. Azure: Users Share Their Experiences
Guest Commentary, Guest Commentary,  9/7/2018
Register for InformationWeek Newsletters
Video
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll