Google Enables AES-128 Encryption for All Cloud Storage Users
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing,” wrote Product Manager Dave Barth in a blog post.
He also said that the encryption keys themselves are encrypted with regularly rotated encryption keys and that older data will be migrated and slathered with the new encryption soon.
Not everyone will be pumped about Google holding the encryption keys; some will argue that it gives a false sense of security, because Google can look at any data it wishes, or worse, let the NSA or whomever take a peek when it wants.
That’s a little unfair. For one thing, this encryption is something new that users didn’t have before, and Google has always been able to look at data on its cloud servers. For another, users can still encrypt their data themselves before it gets to Google’s servers. Thus, users’ data can be doubly encrypted, safe from Google itself (and any shadow court-ordered data collection) and also from any would-be hackers.
It’s not a panacea, but it’s not too shabby.