August 19, 2013

Google has started encrypting all data written to disk by its Google Cloud Storage service. Unfortunately this doesn’t apply (yet) to Google Drive, Google’s consumer-level cloud storage service. Google Cloud Storage is an enterprise service offered by Google for use together with its other web service offerings like App Engine and Compute Engine.

According to a blog post made by Dave Barth, the Product Manager for Google Cloud Storage, there is no setup or configuration required and no need for users to change the way they access the service since the data is automatically and transparently encrypted and decrypted when accessed by an authorized user.

Seen as a possible move to soothe users’ fears about snooping by government agencies like the NSA, the use of disk encryption is vital for certain types of applications, but it only stops an unauthorized person from accessing the data if they physically get hold of the disks. This would mean that the NSA would need to swoop into the Google data center and start stripping hard drives out of machines. If that happens, then your data will be secure… almost…

I say almost because the keys used for the encryption are automatically managed by Google using “the same hardened key management systems” that Google uses for its own encrypted data. Access to these keys is apparently strictly controlled and audited. However, if Google were forced by law to hand over those keys, then the encryption becomes irrelevant.

Dave Barth: “Each Cloud Storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128), and each encryption key is itself encrypted with a regularly rotated set of master keys.”

NSA aside, the move should stop any disgruntled employees from stealing your data. Barth also points out that if you are uncomfortable with Google managing your keys then “you can still encrypt data yourself prior to writing it to Cloud Storage.”
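The key hierarchy Barth describes (a per-object key wrapped by a rotated master key), combined with his option of encrypting before upload so that the master key stays with you, looks like this in code. This is an added example, not Google's implementation: it uses Node.js's built-in crypto module, the GCM mode is an assumption (the post names only AES-128), and all function names and sample data are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// AES-128-GCM (a 16-byte key selects AES-128). Layout: nonce(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the sealed bytes were altered.
function unseal(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Encrypt before upload: a fresh per-object key seals the data; the caller's master key wraps it.
function encryptObject(masterKey, plaintext) {
  const objectKey = nodeCrypto.randomBytes(16);
  return { data: seal(objectKey, plaintext), wrappedKey: seal(masterKey, objectKey) };
}

function decryptObject(masterKey, stored) {
  return unseal(unseal(masterKey, stored.wrappedKey), stored.data);
}

// Master-key rotation re-wraps only the 16-byte object key; the bulk
// ciphertext is left untouched.
function rotate(oldMaster, newMaster, stored) {
  const objectKey = unseal(oldMaster, stored.wrappedKey);
  return { data: stored.data, wrappedKey: seal(newMaster, objectKey) };
}

// Constructed sample input, not real keys or data.
function demo() {
  const k1 = nodeCrypto.randomBytes(16), k2 = nodeCrypto.randomBytes(16);
  const stored = encryptObject(k1, Buffer.from('constructed sample object'));
  const rotated = rotate(k1, k2, stored);
  let oldKeyRejected = false;
  try { decryptObject(k1, rotated); } catch (e) { oldKeyRejected = true; }
  return {
    plaintext: decryptObject(k2, rotated).toString(),
    sameCiphertext: rotated.data.equals(stored.data),
    oldKeyRejected,
  };
}
console.log(demo());
```

Whoever holds the master key can unwrap every object key, which is why it matters whether that key sits with the provider or with you.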

As for Google Drive, it is rumored that Google is experimenting with server-side encryption for Drive. Rolling it out to enterprise customers could be the first step toward adding it to the consumer-level offering, as Google Drive probably uses the same infrastructure as Google Cloud Storage.

Do you think server-side encryption using keys handled by Google makes any difference to the level of security? Let me know your thoughts.

Gary Sims
Gary has been a tech writer for over a decade and specializes in open source systems. He has a Bachelor's degree in Business Information Systems. He has many years of experience in system design and development as well as system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years.