Google has started encrypting all the data written to disk using its Google Cloud Storage service. Unfortunately this doesn’t apply (yet) to Google Drive, Google’s consumer level cloud storage service. Google Cloud Storage is an enterprise service offered by Google for use together with its other web service offerings like App Engine and Compute Engine.
According to a blog post made by Dave Barth, the Product Manager for Google Cloud Storage, there is no setup or configuration required and no need for users to change the way they access the service since the data is automatically and transparently encrypted and decrypted when accessed by an authorized user.
Seen as a possible move to sooth users fears about snooping by government agencies like the NSA the use of disk encryption is vital for certain types of applications, but it only stops an unauthorized person accessing the data if they physically get hold of the disks. This would mean that the NSA would need to swoop into the Google data center and start stripping out hard drives from machines, if that happens then your data will be secure… almost…
I say almost as the keys used for the encryption are automatically managed by Google using “the same hardened key management systems” that Google uses for its own encrypted data. Access to these keys is apparently strictly controlled and audited. However if Google was forced by law to hand over those keys then the encryption becomes irrelevant.
Each Cloud Storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128), and each encryption key is itself encrypted with a regularly rotated set of master keysDave Barth
NSA besides, the move should stop any disgruntled employees from stealing your data. Barth also points out that if you are uncomfortable with Google managing your keys then “you can still encrypt data yourself prior to writing it to Cloud Storage.”
As for Google Drive, it is rumored that Google is experimenting with server-side encryption for Drive and rolling it out to enterprise customers could be the first step to adding it to its consumer level offering, as probably Google Drive uses the same infrastructure as Google Cloud Storage.
Do you think server side encryption using keys handled by Google makes any difference to the level of security? Let me know your thoughts?
Like this post? Share it!
I don’t believe that the security level rises that much, because the weakest part is always the password. 12345678 or password are really secure, trust me!
Don’t worry I use qwerty for my password.
That’s mine too (not in Disqus though, don’t even try)
I’ve recently started changing letters that look like numbers/symbols to those number/symbols just because all this NSA stuff has made me slightly more paranoid.
Big and small letters + numbers + weird symbols at least 16 characters and that’s it!
Dont trust in cloud.Its like i give my house keys to a jew!
It’s irrelevant as the NSA requires Google to give them access to the keys by a blanket court order that they are not allowed to talk about, and Google, MS, apple, etc. have all gone along with this BS without putting up a single fight.
So, it doesn’t matter what they do with their encryption. . . all your data is being looked at.