Google says Encryption Keys are in the Ignition

By

It has been such a wild few days in the cyber security area with all of the hacks, data breaches, exposures by security folks that all Android and wearable devices can be compromised, etc., that an announcement by Google of a new security measure almost slipped through the cracks.  Hence, as a bit of a public service, I’d like to draw your attention to the following Google Cloud Platform Blog, Bring Your Own Encryption Keys to Google Cloud Platform, by Leonard Law, Product Manager. 

Yes, you read correctly.   Now as a free trial and available soon is Customer-Supplied Encryption Keys for Google Compute Engine— accessible in select countries via Google’s APIDevelopers Console, and gcloud. As Google points out this literally means your organization will be able to “bring-your-own-keys to encrypt compute resources.” 

As the posting states, this is all about giving people control over how data is encrypted with the Google Compute Engine on their public cloud .The blog enumerates the benefits as:

  • Secure: All compute assets are encrypted using the industry-leading AES-256 standard, and Google never retains keys, meaning Google cannot decrypt your data at rest.
  • Comprehensive: Unlike many solutions, Customer-Supplied Encryption Keys cover all forms of data at rest for Compute Engine, including data volumes, boot disks, and SSDs.
  • Fast: Google Compute Engine is already encrypting all data at rest, and Customer-Supplied Encryption Keys gives users greater control, without additional overhead.
  • Included Free: Google fees that encryption should be enabled by default for cloud services; which is why they are not going to charge for the option to bring your own keys.

All of this sounds good on its face. It does seem advantageous to allow users to users create and hold the keys, determine when data is active or "at rest," and prevent anyone accessing their "at rest" data.

Image via Shutterstock

While it sounds good, I did want to pass along a few words of warning from Secure Channels CEO and Co-Founder Richard Blech who said:

"This is a marketing ploy by Google who is implying that using their custom encryption engine allows you, the consumer, to control your own encryption key(s) for Google’s Compute Engine. The consumer is given a false sense of security because they are bringing “their own” encryption keys to the cloud. Google’s  platform is not agnostic and uses their engine to create the keys as well as protect the data. Whether this is good or not is not the question, but what is certain, is that it is not BYOE. In order to have true BYOE, the user must be able to define and control the encryption and the keys themselves, and be able to use them agnostically with all environments and applications."

Blech makes an interesting point. However, while it would be nice to reach the ultimate goal he would like to see, as is the want in technology markets staking out the differentiated value of one’s own environment is not a bad place to start. In this regard, Google deserves credit for doing so and making it free. Indeed, it might be worth taking the beta out for a spin.




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

How Your Business Can Reorient Content Delivery to Be More Inclusive

By: Contributing Writer    1/25/2022

As a company owner, it's your responsibility to ensure that your business can realize its full potential, even in a competitive industry. It might not…

Read More

11 Highest Paying Technology Jobs in Data Analytics and Science

By: Contributing Writer    1/24/2022

The art of data science and analytics is being able to find relevant relationships and connections within large amounts of data sets. It is a sector o…

Read More

Microsoft to Become Third Ranked Gaming Company with Activision Buyout

By: Laura Stotler    1/19/2022

Microsoft is poised to become the third largest global gaming company with its announcement that it will purchase Activision Blizzard in a $68.7 billi…

Read More

What Is an XS-Leak Attack?

By: Contributing Writer    1/19/2022

The "same-site" origin policy (SOP) is a critical piece of online security. While it's not an internet standard, but rather a rule enforced by interne…

Read More

Interactive Displays For Education- Here's What You Should Know

By: Contributing Writer    1/19/2022

Undoubtedly, the amount of attention and enthusiasm kids show in their studies significantly impacts their depth of understanding and retention level.…

Read More