Amid concerns over government surveillance of private online data, Google Inc. announced yesterday that it will encrypt, by default, data stored in its Cloud Storage service.
The encryption key will not be provided to any government and Google will only release user data in accordance with the law, according to a Google spokeswoman.
“The server-side encryption is now active for all data written to Cloud Storage and older data will be encrypted in the coming months,” said Dave Barth, Google product manager, in a blog post on Thursday.
Each Cloud Storage object’s data and metadata are encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner.
These keys are additionally encrypted by one of a regularly rotated set of master keys. Users who prefer to manage their own keys can still encrypt data themselves prior to writing it to Cloud Storage.
He said the encryption is provided free and there are no setup or configuration requirements. There is also no need for users to modify the way they access the cloud service.
“The data is automatically and transparently decrypted when read by an authorized user,” said Barth. “If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys.”
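
The layered key scheme described above can be sketched as follows; this is an added illustration, not Google's code, showing why rotating a master key only requires re-wrapping a small key rather than re-encrypting stored objects. The function names, the choice of AES-GCM (the article names AES-128 but no mode), and the reading that the master key wraps the owner key are assumptions of this example, and metadata encryption is left out.

```javascript
const nodeCrypto = require("crypto");

// Encrypt `plain` under a 128-bit key. GCM is an assumption of this example.
// Output layout: 12-byte nonce || 16-byte auth tag || ciphertext.
function seal(key, plain) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-128-gcm", key, nonce);
  const body = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal(); throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv("aes-128-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Write path: a fresh per-object key encrypts the data, the owner key wraps
// the per-object key, and the master key wraps the owner key.
function writeObject(masterKey, ownerKey, data) {
  const objectKey = nodeCrypto.randomBytes(16);
  return {
    data: seal(objectKey, data),
    wrappedObjectKey: seal(ownerKey, objectKey),
    wrappedOwnerKey: seal(masterKey, ownerKey),
  };
}

// Read path: unwrap master -> owner key -> object key, then decrypt the data.
function readObject(masterKey, stored) {
  const ownerKey = open(masterKey, stored.wrappedOwnerKey);
  const objectKey = open(ownerKey, stored.wrappedObjectKey);
  return open(objectKey, stored.data);
}

// Master-key rotation re-wraps only the owner key; object data is untouched.
function rotateMaster(oldMaster, newMaster, stored) {
  const ownerKey = open(oldMaster, stored.wrappedOwnerKey);
  return { ...stored, wrappedOwnerKey: seal(newMaster, ownerKey) };
}

// Constructed sample run: write under master 1, rotate to master 2, read back.
const [m1, m2, owner] = [1, 2, 3].map(() => nodeCrypto.randomBytes(16));
const sample = writeObject(m1, owner, Buffer.from("constructed sample object"));
console.log(readObject(m2, rotateMaster(m1, m2, sample)).toString());
```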