Google Now Lets Developers Bring Their Own Security Keys To Compute Engine
Google is adding another layer of protection for its cloud computing customers.
He commented that Google’s platform is not agnostic and uses its own engine to create the keys as well as protect the data. The biggest worries have to do with improper or unauthorized data access, data leaks, and compromises resulting from accidental or malicious causes. “In order to have true BYOE, the user must be able to define and control the encryption and the keys themselves, and be able to use them agnostically with all environments and applications”.
“Customer-Supplied Encryption Keys marries the hardened encryption framework built into Google’s infrastructure with encryption keys that are owned and controlled exclusively by you”. With the new feature, users can provide the keys used to encrypt and decrypt their data. There remains the possibility that they could still be hacked at other vulnerable moments, such as when they’re generated or when data that hasn’t yet been encrypted is sent to Google; but overall this offers an important extra layer of security.
Leonard Law, Compute Engine product manager, said that Google would have neither visibility into nor access to its customers’ data. “With customer-supplied encryption keys, we can independently control data encryption for our clients without incurring additional expenses from integrating third-party encryption providers”.
Google Cloud Platform is still vulnerable to government snooping, though, which is no less a cause for concern among the typically privacy-conscious developers who constitute the lynchpin of its user base.
Google says that since it thinks encryption should be enabled by default for cloud services, it’s not charging for the option to bring your own keys. Another note of caution is that an organization will have to be careful in managing its keys; a Google blog post makes it clear that if the keys are lost, Google cannot help with recovering the keys or the data.