Google says Encryption Keys are in the Ignition

By

It has been such a wild few days in the cyber security area with all of the hacks, data breaches, exposures by security folks that all Android and wearable devices can be compromised, etc., that an announcement by Google of a new security measure almost slipped through the cracks.  Hence, as a bit of a public service, I’d like to draw your attention to the following Google Cloud Platform Blog, Bring Your Own Encryption Keys to Google Cloud Platform, by Leonard Law, Product Manager. 

Yes, you read correctly.   Now as a free trial and available soon is Customer-Supplied Encryption Keys for Google Compute Engine— accessible in select countries via Google’s APIDevelopers Console, and gcloud. As Google points out this literally means your organization will be able to “bring-your-own-keys to encrypt compute resources.” 

As the posting states, this is all about giving people control over how data is encrypted with the Google Compute Engine on their public cloud .The blog enumerates the benefits as:

  • Secure: All compute assets are encrypted using the industry-leading AES-256 standard, and Google never retains keys, meaning Google cannot decrypt your data at rest.
  • Comprehensive: Unlike many solutions, Customer-Supplied Encryption Keys cover all forms of data at rest for Compute Engine, including data volumes, boot disks, and SSDs.
  • Fast: Google Compute Engine is already encrypting all data at rest, and Customer-Supplied Encryption Keys gives users greater control, without additional overhead.
  • Included Free: Google fees that encryption should be enabled by default for cloud services; which is why they are not going to charge for the option to bring your own keys.

All of this sounds good on its face. It does seem advantageous to allow users to users create and hold the keys, determine when data is active or "at rest," and prevent anyone accessing their "at rest" data.

Image via Shutterstock

While it sounds good, I did want to pass along a few words of warning from Secure Channels CEO and Co-Founder Richard Blech who said:

"This is a marketing ploy by Google who is implying that using their custom encryption engine allows you, the consumer, to control your own encryption key(s) for Google’s Compute Engine. The consumer is given a false sense of security because they are bringing “their own” encryption keys to the cloud. Google’s  platform is not agnostic and uses their engine to create the keys as well as protect the data. Whether this is good or not is not the question, but what is certain, is that it is not BYOE. In order to have true BYOE, the user must be able to define and control the encryption and the keys themselves, and be able to use them agnostically with all environments and applications."

Blech makes an interesting point. However, while it would be nice to reach the ultimate goal he would like to see, as is the want in technology markets staking out the differentiated value of one’s own environment is not a bad place to start. In this regard, Google deserves credit for doing so and making it free. Indeed, it might be worth taking the beta out for a spin.




Edited by Maurice Nagle
SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More