Google Cloud Platform is moving to improve its cloud security, beta testing a variety of encryption key-management services that would let end-users control their own security.
Keys are text strings, such as passwords or lengthy numbers, needed to access data. By default, GCP manages server-side keys on behalf of end-users. Google Cloud already encrypts data at rest, without any action required from the customer, and it can already use customer-supplied encryption keys.
But for customers in regulated industries such as financial services or health care, or for those that simply want enhanced security, Google’s new key-management service (KMS) is an alternative to custom-built or ad hoc key-management systems. Cloud KMS gives users another way to manage encryption keys easily in a cloud-hosted environment.
KMS lets users create, use, rotate, and destroy keys though the KMS API, using the Advanced Encryption Standard block cipher in Galois/Counter mode, Google said. That’s the same encryption library used internally to encrypt data in Google Cloud Storage.
Cloud security remains the chief concern among 660 IT professionals surveyed by Netwrix, that company said in a study. About 69 percent of respondents said unauthorized access to cloud data remains their major worry.
GCP rival Amazon Web Services also has a KMS, as does Microsoft Azure.
