Google's Cloud Lets You Bring Your Own Encryption Keys

...

Millennials know exactly what they want and expectations are high - very high. They are empowered

By supplying their own encryption keys, organizations can reduce the chance that an outside party will be able to gain access to their data, at least while it's at rest. Now Google's cloud platform is offers the option.

After more than a year of beta testing, Google Cloud Platform now officially supports customer-supplied encryption keys (CSEK) for Compute Engine, the company's infrastructure-as-a-service offering.

For IT organizations that take data security seriously, the ability to supply, control, and manage encryption keys has become highly desirable, for the sake of legal compliance and for simple reassurance. In a statement, Neil Palmer, CTO of advanced technology at FIS Global, a Google Cloud Platform customer, characterizes CSEK as "a critical feature."

Since Edward Snowden's 2013 revelations about the extent of online surveillance by government agencies, it has become clear that third-party cloud services can be compelled to provide encryption keys that they control. There's also the risk that cloud service providers may lose control of keys through vulnerabilities.

"With CSEK, disks at rest are protected with your own key that cannot be accessed by anyone, inside or outside of Google, unless they present your key," explain Google product managers Maya Kaczorowski and Eric Bahna in a blog post. "Google does not retain your keys and only holds them transiently to fulfill your request, such as attaching a disk or starting a VM."

According to Google's Transparency Report, government demands for user data have increased every year since the company began keeping track in 2009. The number of data breaches in the US reached 781 in 2015, only two shy of the record 783 breaches in 2014, according to the Identity Theft Resource Center.

Google began allowing customers to supply and manage their own encryption keys in June of last year. It's somewhat late to the game. Amazon Web Services began offering CSEK, also referred to as "bring your own key" (BYOK), on its S3 storage service in June 2014, and it added the AWS Key Management Service in November that year.

Microsoft Azure introduced support for CSEK in January, 2015. Box followed suit a month later. Last month, Salesforce jumped on the self-supplied encryption key bandwagon.

While data encryption is advisable for any organization that has to protect data, it's not a guarantee that that data will remain secure. Earlier this year, the FBI sought to compel Apple's assistance to create a special version of iOS that would allow it to undo the encryption features built into the iPhone.

Apple resisted the demand, and the FBI ultimately was able to access the device with the help of a third party and an undisclosed vulnerability. The lesson here for information technology professionals is that any third-party involvement with data represents a potential point of failure for security.

Google presently offers CSEK in Canada, Denmark, France, Germany, Japan, Taiwan, the UK, and the US. Later this month, it plans to expand availability to Australia, Italy, Mexico, Norway, and Sweden.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Apple Finally Launches Bug Bounties

    The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.The biggest surprise, though, was Krstic's bug bounty announcement.
  • 5300c769af79e

    Here's Why Google Is Lying in its Pixel Ads

    The Google Pixel is "only on Verizon.And yet "only on Verizon" is the line that ends every ad in Google's current $3.
  • 5300c769af79e

    Hands On With the BlackBerry Mercury

    LAS VEGAS—The BlackBerry Mercury isn't a "real" phone yet.The Mercury, which has been leaked "about 600 times," according to TCL Communication North America president Steve Cistulli, is the new Android-powered smartphone running BlackBerry's software stack with the classic keyboard, complete with silvery frets between the rows.
  • 5300c769af79e

    Cyber Threats Targeting Mergers and Acquisitions

    Download Global merger and acquisition activity reached record-breaking deal values in 2015 at over $4 trillion.These high levels of activity are expected to continue, making it all the more important to secure sensitive information.