Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.
Google today announced an update to Google Cloud Storage that beefs up security: server-side encryption. The service now automatically encrypts all data before it is written to disk.
Server-side encryption has already been turned on for all new data written to Cloud Storage, including for both completely new objects and the overwriting of existing objects. Older objects already on Google’s servers will be migrated and encrypted “in the coming months.”
Google is promising there is no setup or configuration required, no need to modify the way you access the service, no visible performance impact, and best of all, no additional charge. All data is automatically decrypted when read by an authorized user.
In short, this update means Google Cloud Storage users no longer have to bother with the hassle and risk of managing their own encryption and decryption keys. Google says it manages your cryptographic keys using the same hardened key management systems that the company uses for its own encrypted data, including strict key access controls and auditing:
Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys.
This rollout doesn’t mean that Google is limiting your options. If you prefer to manage your own keys, you can still encrypt data yourself prior to writing it to Cloud Storage.
Google notes that together with the default encryption in Persistent Disks and Scratch Disks that come with Google Compute Engine, all data written to unstructured storage on the Google Cloud Platform is now encrypted automatically. All of this is being done with no additional effort, making the platform that much more enticing to developers.
See also – Google updates Cloud Storage with auto-deletion policies, regional buckets, and faster uploads and Google debuts four-tiered 24/7 support for its cloud platform services, prices start at $0 to $400 per month
Top Image Credit: Pawel Kryj
Get the TNW newsletter
Get the most important tech news in your inbox each week.