Those using Google Cloud Storage got a nice treat this week when Google announced that it is now encrypting all data before it’s written to disk with 128-bit AES encryption. Google says that users essentially don’t have to do anything to take advantage of the new capabilities--there’s no setup or configuration needed on the user side.
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing,” wrote Product Manager Dave Barth in a blog post.
He also said that the encryption keys themselves are encrypted with regularly rotated encryption keys and that older data will be migrated and slathered with the new encryption soon.
Not everyone will be pumped about Google holding the encryption keys--some will argue that it gives a false sense of security, because Google can look at any data it wishes, or worse, let the NSA or whomever take a peek when it wants.
That’s a little unfair. For one thing, this is something new that users didn’t have before, and Google has always been able to look at data on its cloud servers. For another, users can still encrypt their data themselves before it gets to Google’s servers. Thus, users’ data can be doubly encrypted, safe from Google itself (and any shadow court-ordered data collection) and also from any would-be hackers.
It’s not a panacea, but it’s not too shabby.