Google: Lock up your Compute Engine data with your own encryption keys

The company didn't say whether it will offer this feature to its other Cloud Platform services

Google will now let enterprise customers of one of its Cloud Platform services lock up their data with their own encryption keys, in case they're concerned about the company snooping on their corporate information.

On Tuesday, Google started offering users of its Compute Engine service the option, in beta, to deploy their own encryption keys, instead of the industry standard AES 256-bit encryption keys Google itself provides. Encryption keys are used to lock data so it can not be read by other parties.

"Absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request," wrote Leonard Law, Google product manager, in a blog post describing the new feature.

The keys can be used for the entire time the customer data is stored on Google's platform, including data stored on data volumes, boot disks, and solid state drives. Google doesn't retain the keys and can not access any data that is encrypted with them.

Google didn't mention whether it plans to extend this feature to any of its other Cloud Platform services.

Last week, cloud rival Microsoft took a shot at Google, heavily implying that the company could snoop on its customers.

"We don't read your email. We're not listening to conversations in your house, driving cars up and down the street to do so," Chief Operating Officer Kevin Turner said last week.

While Google does not routinely monitor customer data on the Google Cloud, as Turner may have insinuated, the option of using your own keys to secure data may provide the extra assurance needed for highly data sensitive industries.

The option will also allow organizations to streamline their encryption infrastructure, allowing them to use one set of keys for both Google Cloud and in-house operations.

One customer looking forward to testing this option is Sungard Consulting Services, which uses GCE to run a customer service processing high-volume financial market transactions.

The new feature will allow Sungard to control client data without the paying for third-party encryption providers, according to the Google blog post.

Law cautioned potential users that, should they lose their keys, Google can not help them recover the keys or the data itself.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Googlesecuritypki

More about GoogleIDGMicrosoftNewsTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joab Jackson

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place