This article was published on August 15, 2013

Google updates Cloud Storage with server-side encryption: No setup, no performance impact, and no extra charge


Google updates Cloud Storage with server-side encryption: No setup, no performance impact, and no extra charge

Google today announced an update to Google Cloud Storage that beefs up security: server-side encryption. The service now automatically encrypts all data before it is written to disk.

Server-side encryption has already been turned on for all new data written to Cloud Storage, including for both completely new objects and the overwriting of existing objects. Older objects already on Google’s servers will be migrated and encrypted “in the coming months.”

Google is promising there is no setup or configuration required, no need to modify the way you access the service, no visible performance impact, and best of all, no additional charge. All data is automatically decrypted when read by an authorized user.

In short, this update means Google Cloud Storage users no longer have to bother with the hassle and risk of managing their own encryption and decryption keys. Google says it manages your cryptographic keys using the same hardened key management systems that the company uses for its own encrypted data, including strict key access controls and auditing:

Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

This rollout doesn’t mean that Google is limiting your options. If you prefer to manage your own keys, you can still encrypt data yourself prior to writing it to Cloud Storage.

Google notes that together with the default encryption in Persistent Disks and Scratch Disks that come with Google Compute Engine, all data written to unstructured storage on the Google Cloud Platform is now encrypted automatically. All of this is being done with no additional effort, making the platform that much more enticing to developers.

See also – Google updates Cloud Storage with auto-deletion policies, regional buckets, and faster uploads and Google debuts four-tiered 24/7 support for its cloud platform services, prices start at $0 to $400 per month

Top Image Credit: Pawel Kryj

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with