Google Encrypts All Data In Cloud Storage

By | August 16, 2013

Posted in: Network Security Trends

Google Cloud Platform announced this week that it is now automatically encrypting all data before it is written to disk – but many users were skeptical about the security advantages.

Dave Barth, Google Cloud product manager, said in a blog post the goal was to make it as painless as possible for users to secure their data.

“Google cloud storage now automatically encrypts all data before it is written to disk, at no additional charge,” Barth said. “There is no setup or configuration required, no need to modify the way you access the service and no visible performance impact. The data is automatically and transparently decrypted when read by an authorized user.”

He said the new measure would free users from “the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

Barth said each object’s data and metadata were encrypted with a unique key under the 128-bit Advanced Encryption Standard, “and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to cloud storage.”

Server-side encryption was already active for all new data written to cloud storage, Barth said, whether for creating new objects or overwriting existing objects. “Older objects will be migrated and encrypted in the coming months.”

He said the company was committed “to evolve the security capabilities of our platform,”  but made no mention of the storm now raging over data surveillance by the National Security Agency (NSA).

Many of the comments posted in response to the announcement referred to the NSA programme.

“Can NSA just ask Google for the encryption keys?” asked PJ Rosenberg. “I think it is amazing that Google now encrypts all data but at the same time it's worthless, since they hold the keys . . . so if you want real security you’ll have to do it yourself before you upload your data.”

Marcel Mason wrote: “So one of the companies that is complicit in widespread US government surveillance of private citizen data and communications is now offering to encrypt citizen data on their servers using their  keys --  I can’t be the only one who sees just a bit of a confidence problem with this.”

Ryan Wolf said he applauded Google for implementing automatic encryption. “But, honestly there’s a serious problem with it: why are you guys only using AES-128? It has already proven not strong enough, and can be cracked by today’s technology in a reasonable amount of time. Whether NSA or a foreign government agency, it can be broken. Please reconsider!  I feel no more secure with Google using AES-128 than I do if it was clear and in the open.”

You May Also Be Interested In: