Google says Encryption Keys are in the Ignition

By Peter Bernstein July 31, 2015

It has been such a wild few days in the cyber security area with all of the hacks, data breaches, exposures by security folks that all Android and wearable devices can be compromised, etc., that an announcement by Google of a new security measure almost slipped through the cracks.  Hence, as a bit of a public service, I’d like to draw your attention to the following Google Cloud Platform Blog, Bring Your Own Encryption Keys to Google Cloud Platform, by Leonard Law, Product Manager. 

Yes, you read correctly.   Now as a free trial and available soon is Customer-Supplied Encryption Keys for Google Compute Engine— accessible in select countries via Google’s APIDevelopers Console, and gcloud. As Google points out this literally means your organization will be able to “bring-your-own-keys to encrypt compute resources.” 

As the posting states, this is all about giving people control over how data is encrypted with the Google Compute Engine on their public cloud .The blog enumerates the benefits as:

  • Secure: All compute assets are encrypted using the industry-leading AES-256 standard, and Google never retains keys, meaning Google cannot decrypt your data at rest.
  • Comprehensive: Unlike many solutions, Customer-Supplied Encryption Keys cover all forms of data at rest for Compute Engine, including data volumes, boot disks, and SSDs.
  • Fast: Google Compute Engine is already encrypting all data at rest, and Customer-Supplied Encryption Keys gives users greater control, without additional overhead.
  • Included Free: Google fees that encryption should be enabled by default for cloud services; which is why they are not going to charge for the option to bring your own keys.

All of this sounds good on its face. It does seem advantageous to allow users to users create and hold the keys, determine when data is active or "at rest," and prevent anyone accessing their "at rest" data.

Image via Shutterstock

While it sounds good, I did want to pass along a few words of warning from Secure Channels CEO and Co-Founder Richard Blech who said:

"This is a marketing ploy by Google who is implying that using their custom encryption engine allows you, the consumer, to control your own encryption key(s) for Google’s Compute Engine. The consumer is given a false sense of security because they are bringing “their own” encryption keys to the cloud. Google’s  platform is not agnostic and uses their engine to create the keys as well as protect the data. Whether this is good or not is not the question, but what is certain, is that it is not BYOE. In order to have true BYOE, the user must be able to define and control the encryption and the keys themselves, and be able to use them agnostically with all environments and applications."

Blech makes an interesting point. However, while it would be nice to reach the ultimate goal he would like to see, as is the want in technology markets staking out the differentiated value of one’s own environment is not a bad place to start. In this regard, Google deserves credit for doing so and making it free. Indeed, it might be worth taking the beta out for a spin.




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More