CLOUD
With the rise of ransomware and other forms of cyberattacks this year, computer security is becoming a major concern for most enterprises. In response, Google LLC has taken the opportunity to advocate some of the advanced measures it uses to protect its cloud customers’ data.
In a blog post Wednesday morning about a newly published whitepaper titled, “Encryption in Transit in Google Cloud,” Google security and privacy product manager Maya Kaczorowski talked about the company’s approach to protecting data in transit.
Google employs a number of measures to ensure the authenticity, integrity and privacy of data in transit, Kaczorowski wrote. She explained that all data sent to Google’s cloud is encrypted using HTTP Secure, which is an adaptation of the Hypertext Transfer Protocol that prevents outsiders from snooping on that traffic. In addition, the company uses the Transport Layer Security, or TLS, protocol for the same purpose, with both standards being implemented by default.
Those are pretty basic standards these days, but Google goes much further by implementing additional security measures to protect data in transit within its cloud. Kaczorowski explained that Google uses the same protocols to encrypt virtual machine-to-virtual machine traffic by default. It also uses something called the Application Layer Transport Security protocol to secure service-to-service calls, encrypting data that leaves a physical boundary – or in other words, data that’s sent from one Google facility to another located in a different geographic area.
ALTS is the subject of a second white paper published by Google today, which explains that the protocol is a “highly reliable” and “trusted” system it enables by default, used to authenticate and secure internal communications between different Google services.
Google said ALTS is superior to other encryption methods because it provides each workload running on its cloud a unique identity, which means workloads can be authenticated individually. With other methods, only the machine those workloads are running on could be authenticated. ALTS also allows for more scalability than other protocols, and can even reduce customers’ overhead.
The icing on the cake is the set of further encryption options Google provides on top of all those. They include something called an IPsec VPN tunnel at the network layer of its Cloud VPN service, enabling the encryption of requests sent to a service hosted on Google’s cloud from an on-premises computer. Google also provides the option of free and automated certificates that implement TLS in Google App Engine and Firebase Hosting custom domains.
Finally, Google also offers something called Istio, which is an open-source “mesh” service it developed along with IBM Corp. and Lyft Inc. to encrypt data in transit between cloud services and manage the associated keys and certificates.
For a more in-depth understanding of Google’s cloud security measures, check out its whitepapers here and here.