Google has started encrypting all the data written to disk by its Google Cloud Storage service. Unfortunately, this doesn't apply (yet) to Google Drive, Google's consumer-level cloud storage service. Google Cloud Storage is an enterprise service offered by Google for use together with its other web service offerings like App Engine and Compute Engine.
According to a blog post made by Dave Barth, the Product Manager for Google Cloud Storage, there is no setup or configuration required and no need for users to change the way they access the service since the data is automatically and transparently encrypted and decrypted when accessed by an authorized user.
Seen as a possible move to soothe users' fears about snooping by government agencies like the NSA, the use of disk encryption is vital for certain types of applications, but it only stops an unauthorized person from accessing the data if they physically get hold of the disks. This would mean that the NSA would need to swoop into the Google data center and start stripping hard drives out of machines. If that happens, then your data will be secure… almost…
I say almost as the keys used for the encryption are automatically managed by Google using “the same hardened key management systems” that Google uses for its own encrypted data. Access to these keys is apparently strictly controlled and audited. However, if Google were forced by law to hand over those keys, then the encryption becomes irrelevant.
Each Cloud Storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128), and each encryption key is itself encrypted with a regularly rotated set of master keys.
NSA aside, the move should stop any disgruntled employees from stealing your data. Barth also points out that if you are uncomfortable with Google managing your keys, then “you can still encrypt data yourself prior to writing it to Cloud Storage.”
As for Google Drive, it is rumored that Google is experimenting with server-side encryption for Drive, and rolling it out to enterprise customers could be the first step toward adding it to its consumer-level offering, since Google Drive probably uses the same infrastructure as Google Cloud Storage.
Do you think server-side encryption using keys handled by Google makes any difference to the level of security? Let me know your thoughts.
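The key hierarchy described above, sketched as an added example (not Google's code and not from the original post): each object gets its own 128-bit key, that key is stored wrapped under a versioned master key, and rotation re-wraps the object key without touching the data. The GCM mode, the nonce/tag layout, and the names `seal`, `open`, `put`, `get` and `rotate` are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// AES-128-GCM, stored as nonce(12) || tag(16) || ciphertext.
// The page only says AES-128; the mode and layout are assumptions.
function checkKey(key) {
  if (!Buffer.isBuffer(key) || key.length !== 16) {
    throw new Error('missing or non-128-bit key');
  }
}

function seal(key, plaintext) {
  checkKey(key);
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob) {
  checkKey(key);
  if (blob.length < 28) throw new Error('blob too short');
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// A fresh per-object key encrypts the data; the master key only wraps that key.
function put(masters, version, data) {
  const objectKey = nodeCrypto.randomBytes(16);
  const wrappedKey = seal(masters[version], objectKey);
  return { version, wrappedKey, data: seal(objectKey, data) };
}

// Whoever holds the right master key version can unwrap and read the object.
function get(masters, stored) {
  const objectKey = open(masters[stored.version], stored.wrappedKey);
  return open(objectKey, stored.data);
}

// Rotation re-wraps the 16-byte object key; the data is not re-encrypted.
function rotate(masters, stored, newVersion) {
  const objectKey = open(masters[stored.version], stored.wrappedKey);
  const wrappedKey = seal(masters[newVersion], objectKey);
  return { version: newVersion, wrappedKey, data: stored.data };
}
```

After `rotate`, the old master key version can be retired and the object stays readable with the new version alone. Run with keys you generate and hold yourself, the same functions are one way to encrypt data before writing it to Cloud Storage.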