Google Cloud Increases Encryption Push With Key Management Service

Tom Jowitt,
cloud google

New beta tool for Google Cloud seeks to simplify encryption key management

Google continues its support of encryption with a new tool called the ‘Google Cloud Key Management Service’ (Cloud KMS), designed to increase the numbers of customers encrypting their data.

The thinking is that with Cloud KMS, customers of the Google Cloud Platform (GCP) will now have the ability to select the right security solution depending on the sensitivity of their data.

For example, healthcare, financial, military and government tend to have much stricter regulatory compliance issues surrounding the safeguarding of data.

Google cloudCloud KMS

The Cloud KMS is currently in beta and is only available in a selected number of countries at this time (UK, USA, France, Germany etc). Google hopes to make encryption key management easier and more scalable, and of course tempt firms to consider using the GCP.

“Cloud KMS offers a cloud-based root of trust that you can monitor and audit,” said Google. “As an alternative to custom-built or ad-hoc key management systems, which are difficult to scale and maintain, Cloud KMS makes it easy to keep your keys safe.”

By using the Cloud KMS, customers can manage symmetric encryption keys in a cloud-hosted solution, and it doesn’t matter if they are used to protect data stored in the Google Cloud Platform or another environment.

The service allows the user to create, use, rotate and destroy keys via the Cloud KMS API, which is  directly integrated with Cloud Identity Access Management and Cloud Audit Logging for greater control over keys.

“At launch, Cloud KMS uses the Advanced Encryption Standard (AES), in Galois/Counter Mode (GCM), the same encryption library used internally at Google to encrypt data in Google Cloud Storage,” blogged Google. “This AES GCM is implemented in the BoringSSL library that Google maintains, and continually checks for weaknesses using several tools, including tools similar to the recently open-sourced cryptographic test tool Project Wycheproof.”

Google touted the fact that with the arrival of the Cloud KMS, GCP now offers a full range of encryption key management options.

Google also used the arrival of Cloud KMS to reiterate its pledge that the firm will not ccess or use GCP customer data, except as necessary to provide them the GCP services.

Encryption Battle

The arrival of this new encryption service may not be welcomed by law enforcement officials such as the FBI.

The tech industry and the US government have clashed before over the issue of encryption. Indeed, in 2015, American tech firms warned President Obama to respect the privacy rights of consumers by not weakening encryption systems.

It came as a US Senate Committee considered a draft bill that would penalise tech firms who refuse court orders over encrypted data. But in April 2016, President Obama refused to support the draft legislation that would require technology companies to help law enforcement crack encryption.

But law enforcement frustration remains. The chief of Europol has previously said the increasing prevalence of encrypted Internet communications is a major difficulty for law-enforcement and national security efforts.

Even former Prime Minister David Cameron wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects.

Quiz: Can you protect your privacy online?