UPDATED 01:37 EDT / AUGUST 04 2016


Google allows cloud customers to lock down their own data

Google has made its Customer-Supplied Encryption Keys (CSEK) option for Google Compute Engine generally available. Customer content will still be encrypted by Google as the default option, but customers can choose to use CSEK for better control over their data’s security.

At present, Google Cloud Platform automatically applies one or more encryption mechanisms, and data at the storage level is also encrypted with AES-256 or AES-128. This method isn’t totally secure, however, because it’s theoretically possible for someone to steal the keys from within Google itself and then access customers’ data. With CSEK, that’s no longer possible, as Google no longer has access to the keys. The company provides more information about how CSEK works in this whitepaper.

“Customer-supplied encryption keys give us the fidelity and granular control to provide strong data-protection assurances to our customers,” said Neil Palmer, CTO of Advanced Technology at FIS Global in a Google blog post. “It’s a critical feature and Google’s approach is key to our end-to-end security posture.”

Google first introduced CSEK for Compute Engine in beta last year. One benefit is that it allows companies to tell their clients that encryption keys are not stored with third parties. The main disadvantage, however, is that data could end up being left inaccessible if a customer loses its keys, as Google has no way of recovering them or accessing the data they protect.

Google said CSEK is now available in the U.S., the U.K., Canada, France and Germany. Other countries, including Australia, Italy, Mexico, Norway and Sweden, are set to be added later this month.

Google’s move brings it in line with Amazon Web Services (AWS), Box Inc., and Microsoft Azure, all of which allow customers to supply their own encryption keys. One rarely discussed benefit for cloud providers that offer this service is that it gives them a way to sidestep requests for access to data from government agencies, which is a big privacy issue in the industry that’s yet to be resolved.

Image credit: 733215 via pixabay.com
