With concerns over government surveillance of private online data, Google Inc., yesterday announced that it will be encrypting by default, data stored in its Cloud Storage service.
The encryption key will not be provided to any government and Google will only release user data in accordance with the law, according to a Google spokeswoman.
The server-side encryption is now active for all data written to Cloud Storage and older data will be encrypted in the coming months,” said Dave Barth, Google product manager, in a blog post on Thursday.
Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner.
These keys are additionally encrypted by one of a regularly rotated set of master keys. Users who prefer to manage their own keys can still encrypt data yourself prior to writing it to Cloud Storage.
He said the encryption is provided free and there is not set-or configuration requirements. There is also no need for users to modify the way the access the cloud service.
“The data is automatically and transparently decrypted when read by an authorized user,” said Barth. “If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys.”
Understanding how IBM Spectrum Protect enables hybrid data protection
Abdicating your company’s data protection responsibilities to the first cloud solution provider you encounter is just as unwise as doing nothing at all to leverage the cloud. On the other hand, it can be a wise decision to investigate what results you might achieve by choosing a backup technology that is capable of supporting a hybrid protection approach capable of covering both on-premises technology and offsite cloud capabilities.