Google starts automatically encrypting data stored using its Cloud Storage service

by: Gary Sims, August 19, 2013

Google has started encrypting all the data written to disk using its Google Cloud Storage service. Unfortunately, this doesn’t apply (yet) to Google Drive, Google’s consumer-level cloud storage service. Google Cloud Storage is an enterprise service offered by Google for use together with its other web service offerings like App Engine and Compute Engine.

According to a blog post made by Dave Barth, the Product Manager for Google Cloud Storage, there is no setup or configuration required and no need for users to change the way they access the service since the data is automatically and transparently encrypted and decrypted when accessed by an authorized user.

Seen as a possible move to soothe users’ fears about snooping by government agencies like the NSA, the use of disk encryption is vital for certain types of applications, but it only stops an unauthorized person from accessing the data if they physically get hold of the disks. This would mean that the NSA would need to swoop into the Google data center and start stripping hard drives out of machines. If that happens, then your data will be secure… almost…

I say almost as the keys used for the encryption are automatically managed by Google using “the same hardened key management systems” that Google uses for its own encrypted data. Access to these keys is apparently strictly controlled and audited. However, if Google were forced by law to hand over those keys, then the encryption becomes irrelevant.

“Each Cloud Storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128), and each encryption key is itself encrypted with a regularly rotated set of master keys” - Dave Barth

NSA aside, the move should stop any disgruntled employees from stealing your data. Barth also points out that if you are uncomfortable with Google managing your keys then “you can still encrypt data yourself prior to writing it to Cloud Storage.”
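The key hierarchy Barth describes (a per-object key wrapped by a rotated master key) can be sketched as follows. This is an added example, not Google's implementation: the function names, the `Map` of master key versions, the object name and the choice of GCM mode are all assumptions. It shows that rotation re-wraps only the small data key, and that anyone holding the current master key can still read the object, which is the reason for encrypting client-side when you do not want the provider to hold the keys.

```javascript
const nodeCrypto = require('crypto');

// AES-128-GCM (the mode is an assumption); blob layout: iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key or tampering
}

// One fresh 128-bit data key per object, wrapped under the chosen master key version.
function encryptObject(masterKeys, version, name, data) {
  const dek = nodeCrypto.randomBytes(16);
  return {
    kekVersion: version,
    wrappedDek: seal(masterKeys.get(version), dek, name),
    ciphertext: seal(dek, data, name),
  };
}

function decryptObject(masterKeys, rec, name) {
  const dek = unseal(masterKeys.get(rec.kekVersion), rec.wrappedDek, name);
  return unseal(dek, rec.ciphertext, name);
}

// Rotation re-wraps only the data key; the object ciphertext is not rewritten.
function rotate(masterKeys, rec, newVersion, name) {
  const dek = unseal(masterKeys.get(rec.kekVersion), rec.wrappedDek, name);
  const wrappedDek = seal(masterKeys.get(newVersion), dek, name);
  return { kekVersion: newVersion, wrappedDek, ciphertext: rec.ciphertext };
}

// Constructed sample: two master key versions and one object (all values hypothetical).
function demo() {
  const name = 'bucket/report.txt';
  const masterKeys = new Map([[1, nodeCrypto.randomBytes(16)], [2, nodeCrypto.randomBytes(16)]]);
  const rec = encryptObject(masterKeys, 1, name, Buffer.from('quarterly numbers'));
  const rotated = rotate(masterKeys, rec, 2, name);
  masterKeys.delete(1); // retire the old master key; the rotated record no longer needs it
  return { name, masterKeys, rec, rotated, plain: decryptObject(masterKeys, rotated, name).toString() };
}
```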

As for Google Drive, it is rumored that Google is experimenting with server-side encryption for Drive. Rolling it out to enterprise customers could be the first step to adding it to its consumer-level offering, since Google Drive probably uses the same infrastructure as Google Cloud Storage.

Do you think server-side encryption using keys handled by Google makes any difference to the level of security? Let me know your thoughts.

  • MasterMuffin

    I don’t believe that the security level rises that much, because the weakest part is always the password. 12345678 or password are really secure, trust me!

    • Perv Bear

      Don’t worry I use qwerty for my password.

      • MasterMuffin

        That’s mine too (not in Disqus though, don’t even try)

        • smokebomb

          I’ve recently started changing letters that look like numbers/symbols to those numbers/symbols just because all this NSA stuff has made me slightly more paranoid.

          • MasterMuffin

            Big and small letters + numbers + weird symbols at least 16 characters and that’s it!

  • vidar

    Dont trust in cloud.Its like i give my house keys to a jew!

  • NeedName

    It’s irrelevant as the NSA requires Google to give them access to the keys by a blanket court order that they are not allowed to talk about, and Google, MS, Apple, etc. have all gone along with this BS without putting up a single fight.

    So, it doesn’t matter what they do with their encryption. . . all your data is being looked at.