Google starts to automatically encrypt everything stored on Google Cloud Storage


Last week Google has pushed an important update, which provides server side encryption to all data stored on Google Cloud Storage. That is, Google will now automatically encrypt new data uploaded to the cloud before it is written to the server side disk.

According to Google Platform Blog,

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing. Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit AdvancedEncryptionStandard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner.”

Google also explained that server side encryption is already enabled on new files uploaded on Google Cloud Storage and it will be pushed to existing data later this year.

It is extremely important to note Google has added encryption to Google Cloud Storage, not Google Drive. Google Cloud Storage is the enterprise cloud storage service provided by Google for businesses. Google Drive is the cloud storage service you probably use. Do not mix up the two.

Data encryption is said to be “becoming a bigger deal” ever since news about PRISM broke where top tech giants in the U.S, like Google, Microsoft, and Apple, supposedly had been giving the National Security Agency (NSA) access to their servers without warrants. Although companies are still denying being part of the PRISM program, they are certainly feeling the fallout related to these disclosures.

[via Gigaom, Google Platform Blog]

Related Posts

  • Seamus McSeamus

    Seems a bit like asking the neighbor who went to jail for burglary to house sit while you’re on vacation.

  • kevbo

    [@Ghenghis McCann] Good one. I was trying to come up with a clever one like that for my first comment.

  • kevbo

    This gets funnier to me the more I think about it. As I understand it from Joe’s article, this new “security feature” applies only to the Google Cloud Storage, not Google Drive.

    How long before Google makes the argument that there is no expectation of privacy for Google Drive, like they just recently did with G-mail? Scroogled.

  • David Roper

    You want that file that you marked as Secret last week?

    Please send $20 via Paypal to retrieve it.

    Thanks for allowing us to keep your files.

    They are belong to us.

  • Ghenghis McCann

    [@kevbo] Next time I see a Google Street View car I’ll be sure to give them my house keys.

  • Tom

    “We manage the cryptographic keys on your behalf”

    and should we misplace the keys, our buds over at NSA have them backed-up.

    Server-side encryption is false security. And letting Google, the folks who read alll your emails, provide “security” is a laugh.

    It’s much like paying the punks who offer to watch your parked car for you when you go to the stadium to see the game.

  • kevbo

    “this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf”

    -LOL. Thanks Google, that sounds pretty secure.