Google Just Eased Some Security Concerns About Cloud Storage

    August 15, 2013
    Chris Crum

Google announced that Google Cloud Storage now encrypts all data before it’s written to disk. Better yet, this will cost you nothing extra. In fact, you don’t even have to do anything extra or change any settings. Data is simply decrypted when read by an authorized user.

“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” writes product manager Dave Barth in a blog post. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”

“Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner,” Barth adds. “These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”
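The key hierarchy Barth describes can be sketched with Node's built-in `crypto` module. This is an added example, not Google's code: the GCM mode, the key IDs (`mk-1`), the use of the object name as authenticated data, and all function names are assumptions, and the key material is constructed in memory.

```javascript
const crypto = require('crypto');

// AES-128-GCM seal/unseal. GCM is an assumption; the post only says AES-128.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if tampered
}

// Constructed key material: a rotated master-key set (hypothetical IDs).
const masterKeys = new Map([['mk-1', crypto.randomBytes(16)]]);
let currentMaster = 'mk-1';

// Each owner gets a unique key, stored only wrapped under a master key.
function newOwner(ownerId) {
  const wrapped = seal(masterKeys.get(currentMaster), crypto.randomBytes(16), ownerId);
  return { ownerId, masterId: currentMaster, wrapped };
}
const ownerKeyOf = (o) => unseal(masterKeys.get(o.masterId), o.wrapped, o.ownerId);

// Write path: a unique per-object key encrypts the data; the owner key wraps it.
function putObject(owner, name, data) {
  const dek = crypto.randomBytes(16);
  return { name, body: seal(dek, data, name),
           wrappedDek: seal(ownerKeyOf(owner), dek, name) };
}
// Read path: unwrap the owner key, then the object key, then the data.
function getObject(owner, obj) {
  const dek = unseal(ownerKeyOf(owner), obj.wrappedDek, obj.name);
  return unseal(dek, obj.body, obj.name);
}
// Rotation: add a master key and re-wrap only the owner key; objects are untouched.
function rotateMaster(owner, newId) {
  const ownerKey = ownerKeyOf(owner);
  masterKeys.set(newId, crypto.randomBytes(16));
  currentMaster = newId;
  owner.masterId = newId;
  owner.wrapped = seal(masterKeys.get(newId), ownerKey, owner.ownerId);
}
```

Because only the small wrapped owner key is re-encrypted on rotation, master keys can be rotated regularly without rewriting stored objects.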

The new encryption is already active for all new data as it’s written to Google Cloud Storage. This goes for creating new objects or overwriting existing ones.

Don’t worry about your old stuff, unless you need it to happen immediately. Google says it will deploy encryption to older objects over the coming months. If you need this to happen sooner for some reason, I guess you can just go overwrite your stuff yourself.

  • Abney

    Hmm…so does this mean Google won’t turn over your files if the government asks for them? And if so, will they tell you? Hmmm…

    I may sound jaded, but I’m looking for there to be a spike in the market for products that allow us to protect our own privacy. I understand journalists have been relying on email encryption services like TOR for a while, and there are personal cloud devices such as Cloudlocker that allow you to store your files at home. At least that way, if the government wants your files they’ll have to get your permission.

  • Really

    I would stay away from the cloud with anything important.

    If you read the Patriot Acts, you will come to find that the government has rights and access to all your files. As far as hackers go, the cloud has so many holes in it. One security analyst said that the holes are so large you could fly a 747 through them.

  • Paige Leidig

    Everyone knows that server-side encryption cannot protect your data from any threats i.e. an account hijacker can still download all your info, a disgruntled sysadmin at Google can still access your keys and your data etc. Also, in the case of a business, their compliance for HIPAA, PCI, etc. remains unsolved as Google is not taking any legal liability in the event of a data breach. As a result the business will end up paying for all legal liability including breach notifications. The ever important Data residency issue is also not solved with Google’s approach as your data and keys to encrypt/decrypt are both in the Google cloud. And last but definitely least – especially in the spotlight of government disclosures i.e. NSA Prism is also not addressed by Google’s approach.