Google's Cloud Storage service now encrypts all data before it is written to disk using the 128-bit Advanced Encryption Standard (AES). The search giant recently announced as much via their Cloud Platform blog, noting the change will come without additional charge for customers.
What's more, there is no setup or configuration required, no need to modify the way customers access the service and no visible performance impact. Data will be automatically and transparently decrypted when read by an authorized user.
The service is used by a number of large companies including Best Buy, Rovio and Ubisoft to store various types of content.
The company said they manage the cryptographic keys on a user's behalf using the same key management systems that they use for their own encrypted data. This is said to include strict key access controls and auditing. Specifically, user data and metadata is encrypted using a unique key, which is then encrypted again using another key associated with the data owner. Finally, that key is encrypted using a regularly rotated master key - sounds pretty secure to me.
All new data written to the cloud will be encrypted on the server side. Older objects will be migrated and encrypted in the coming months, Google said.
The move likely comes as a result of recent concern over government spying as it was revealed just last month that the search giant was testing new methods to foil such activity. It is believed that the recently declassified NSA Prism program had direct access to servers from a number of tech giants including Apple, Facebook and Google. Naturally, these companies and others have denied any knowledge of this.