Google's Cloud Lets You Bring Your Own Encryption Keys - InformationWeek

8/3/2016
10:06 AM

Google's Cloud Lets You Bring Your Own Encryption Keys

By supplying their own encryption keys, organizations can reduce the chance that an outside party will be able to gain access to their data, at least while it's at rest. Now Google's cloud platform offers the option.

After more than a year of beta testing, Google Cloud Platform now officially supports customer-supplied encryption keys (CSEK) for Compute Engine, the company's infrastructure-as-a-service offering.

For IT organizations that take data security seriously, the ability to supply, control, and manage encryption keys has become highly desirable, for the sake of legal compliance and for simple reassurance. In a statement, Neil Palmer, CTO of advanced technology at FIS Global, a Google Cloud Platform customer, characterizes CSEK as "a critical feature."

Since Edward Snowden's 2013 revelations about the extent of online surveillance by government agencies, it has become clear that third-party cloud services can be compelled to provide encryption keys that they control. There's also the risk that cloud service providers may lose control of keys through vulnerabilities.

"With CSEK, disks at rest are protected with your own key that cannot be accessed by anyone, inside or outside of Google, unless they present your key," explain Google product managers Maya Kaczorowski and Eric Bahna in a blog post. "Google does not retain your keys and only holds them transiently to fulfill your request, such as attaching a disk or starting a VM."

According to Google's Transparency Report, government demands for user data have increased every year since the company began keeping track in 2009. The number of data breaches in the US reached 781 in 2015, only two shy of the record 783 breaches in 2014, according to the Identity Theft Resource Center.

(Image: Pixabay/Enigma encryption machine)

Google began allowing customers to supply and manage their own encryption keys in June of last year. It's somewhat late to the game. Amazon Web Services began offering CSEK, also referred to as "bring your own key" (BYOK), on its S3 storage service in June 2014, and it added the AWS Key Management Service in November that year.

Microsoft Azure introduced support for CSEK in January 2015. Box followed suit a month later. Last month, Salesforce jumped on the self-supplied encryption key bandwagon.

While data encryption is advisable for any organization that has to protect data, it does not guarantee that the data will remain secure. Earlier this year, the FBI sought to compel Apple's assistance to create a special version of iOS that would allow it to undo the encryption features built into the iPhone.

Apple resisted the demand, and the FBI ultimately was able to access the device with the help of a third party and an undisclosed vulnerability. The lesson here for information technology professionals is that any third-party involvement with data represents a potential point of failure for security.

Google presently offers CSEK in Canada, Denmark, France, Germany, Japan, Taiwan, the UK, and the US. Later this month, it plans to expand availability to Australia, Italy, Mexico, Norway, and Sweden.

(Cover Image: D3Damon/iStockphoto)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ...
