Google now automatically encrypts all Google Cloud Storage data

By on August 16, 2013, 10:06 AM
google, nsa, cloud, encryption, aes encryption, prism, google cloud storage

Google’s Cloud Storage service now encrypts all data before it is written to disk using the 128-bit Advanced Encryption Standard (AES). The search giant recently announced as much via their Cloud Platform blog, noting the change will come without additional charge for customers.

What’s more, there is no setup or configuration required, no need to modify the way customers access the service and no visible performance impact. Data will be automatically and transparently decrypted when read by an authorized user.

The service is used by a number of large companies including Best Buy, Rovio and Ubisoft to store various types of content.

The company said they manage the cryptographic keys on a user’s behalf using the same key management systems that they use for their own encrypted data. This is said to include strict key access controls and auditing. Specifically, user data and metadata is encrypted using a unique key, which is then encrypted again using another key associated with the data owner. Finally, that key is encrypted using a regularly rotated master key – sounds pretty secure to me.

All new data written to the cloud will be encrypted on the server side. Older objects will be migrated and encrypted in the coming months, Google said.

The move likely comes as a result of recent concern over government spying as it was revealed just last month that the search giant was testing new methods to foil such activity. It is believed that the recently declassified NSA Prism program had direct access to servers from a number of tech giants including Apple, Facebook and Google. Naturally, these companies and others have denied any knowledge of this.




User Comments: 9

Got something to say? Post a comment
cliffordcooley cliffordcooley, TechSpot Paladin, said:

For some reason that is still not very comforting! Knowing they could be ordered to decrypt (thats right, I don't put allot of faith in on-line encryption) and be gagged from telling anyone about it, doesn't sit well with me.

treeski treeski said:

For some reason that is still not very comforting! Knowing they could be ordered to decrypt (thats right, I don't put allot of faith in on-line encryption) and be gagged from telling anyone about it, doesn't sit well with me.

Maybe not, but at least it's a system that prevents governement entities from "accidentally" picking up data. Not much you can do about official requests, but at least the paperwork will (hopefully) be there in those cases, allowing for some oversight.

I hope other cloud storage services follow suit.

Guest said:

Backtrack all you want google, from now on I'll just keep buying hard drives to keep backup of my stuff

im NEVER uploading anything to the cloud again, not google's or any other

PinothyJ said:

Intelligent people just use [link]

...

TorturedChaos, TechSpot Chancellor, said:

Since I started using email and then cloud storage, I have made a point to never put anything with important or sensitive information in it. I just don't trust it.

Guest said:

Intelligent people just use [link]

I don't use CryptSync, but I do use PowerArchiver which offers the same feature.

PinothyJ said:

I don't use CryptSync, but I do use PowerArchiver which offers the same feature.

If it works, it works...

Guest said:

Jesus. they are encrypting it when it is written to the disk. HELLO???? anyone in there?

the NSA is intercepting traffic over the net, not going into the servers and copying it. This does absolutely nothing to stop that interception. This means it is encrypted once it arrives at its destination. data in flight is still at risk.

Guest said:

" they are encrypting it when it is written to the disk. HELLO???? anyone in there?

the NSA is intercepting traffic over the net, not going into the servers and copying it. This does absolutely nothing to stop that interception. This means it is encrypted once it arrives at its destination. data in flight is still at risk."

Yes, this is mostly pointless. In all honesty, I'm far less worried about one company systematically scanning emails, cloud files, ect than the MANY other entities out there on the net intercepting it. If I had to pick I'd rather the data be encrypted at all times or at least while it's moving. Why it's not encrypted is beyond me.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.