Google allays PRISM fears with automatic encryption for Google Cloud Storage

Google has announced automatic server-side encryption of all data uploaded to Google Cloud Storage, in an apparent attempt to allay privacy fears following the PRISM scandal.

Companies such as Ubisoft, which use the corporate service to store information including customer and developer data, will receive the feature automatically, without the need for setup or configuration.

"We know that security is important to you and your customers," Google said in a blog post introducing the update.

"Our goal is to make securing your data as painless as possible. To help, Google Cloud Storage now automatically encrypts all data before it is written to disk, at no additional charge."

Under the service, 128-bit Advanced Encryption Standard (AES) encryption is applied to every Cloud Storage object's data and metadata. Each per-object key is then encrypted with a unique key associated with the object owner. As a final layer of security, these keys are additionally encrypted by one of a regularly rotated set of master keys.
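The three-layer key hierarchy described above can be sketched as follows. This is an added example, not Google's code or anything from the announcement: the GCM mode, the function names, the record layout and the reading that the master keys wrap the owner keys are all assumptions, since the article states only 128-bit AES and the three layers.

```javascript
// Added illustration, not Google's code; AES-128-GCM mode and all names are assumptions.
const crypto = require('node:crypto');

// Encrypt under a 16-byte key; output is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Inverse of seal(); throws if the key is wrong or the blob was altered.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Layer 3: the owner key is only ever stored wrapped under a master key.
function wrapOwnerKey(masters, masterId, ownerKey) {
  return { masterId, blob: seal(masters[masterId], ownerKey) };
}

// Layers 1 and 2: a fresh per-object key encrypts data and metadata, then is wrapped by the owner key.
function storeObject(masters, wrappedOwner, data, metadata) {
  const ownerKey = unseal(masters[wrappedOwner.masterId], wrappedOwner.blob);
  const objectKey = crypto.randomBytes(16);
  return {
    data: seal(objectKey, Buffer.from(data)),
    metadata: seal(objectKey, Buffer.from(JSON.stringify(metadata))),
    wrappedObjectKey: seal(ownerKey, objectKey),
  };
}

// Reading walks the chain back down: master -> owner -> object key -> data.
function readObject(masters, wrappedOwner, obj) {
  const ownerKey = unseal(masters[wrappedOwner.masterId], wrappedOwner.blob);
  const objectKey = unseal(ownerKey, obj.wrappedObjectKey);
  return {
    data: unseal(objectKey, obj.data).toString(),
    metadata: JSON.parse(unseal(objectKey, obj.metadata).toString()),
  };
}

// Master rotation re-wraps only the small owner key; stored objects are untouched.
function rotateMaster(masters, newId, wrappedOwner) {
  const ownerKey = unseal(masters[wrappedOwner.masterId], wrappedOwner.blob);
  return wrapOwnerKey(masters, newId, ownerKey);
}
```

In this layout, retiring a master key costs one re-wrap per owner rather than a re-encryption of every stored object.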

"If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing," said Google.

If companies wish to manage their own keys, they can continue to encrypt data independently before it is written to Cloud Storage.

"This feature adds to the default encryption functionality already provided by Persistent Disks and Scratch Disks that come with Google Compute Engine," added Google.

"Together, this means that all data written to unstructured storage on the Google Cloud Platform is now encrypted automatically, with no additional effort required by developers."