Google Adds Customer-Supplied Encryption Keys to Google Compute Engine

by Lyle Smith

In addition to the recent general availability of Google Nearline’s Cloud Storage, the company has announced the beta version of Customer-Supplied Encryption Keys for Google Compute Engine, giving users the ability to bring their own keys to encrypt compute resources. This brings the best of both worlds: users get the power and flexibility of the public cloud while keeping the control they want over data security.


Building on Google Compute Engine’s industry-standard AES-256 encryption, Customer-Supplied Encryption Keys combine the hardened encryption framework with encryption keys that are managed solely by the user. This allows users to create and hold the keys and to define when data is active or at rest, all with the peace of mind that no one else can access the data, not even Google.

Google Customer-Supplied Encryption Keys features include:

  • Secure: All compute assets are encrypted using the industry-leading AES-256 standard, and Google never retains any user keys. This means Google cannot decrypt any data at rest.
  • Comprehensive: Unlike many solutions, Customer-Supplied Encryption Keys cover all forms of data at rest for Compute Engine, including data volumes, boot disks, and SSDs.
  • Fast: Google Compute Engine is already encrypting all data at rest, and Customer-Supplied Encryption Keys will grant greater control without adding overhead.
  • Included Free: Google indicates that encryption should be the default for cloud services, and that there should be no charge for the option of bringing in your own keys.

This added security comes at a cost, however: Google warns users that if any customer-supplied encryption keys are lost, the company will not be able to recover the keys or any data lost as a result.

Availability

Google is currently rolling out the beta Free Trial, which is accessible in select countries only, and the feature is slated for release relatively soon. In these countries, users can use Customer-Supplied Encryption Keys via Google’s API, Developers Console, and gcloud, the company’s command-line interface.

Google Cloud Platform
