Google is beefing up security on the server-side of its cloud storage platform.
Essentially, all data going into the Google Cloud Storage world is going to be automatically encrypted before it is written and saved to the disk. Data will then automatically be decrypted when accessed by authorized users.
Current users shouldn't actually notice a difference in performance or usage as this is all set up to take place behind-the-scenes.
Google product manager Dave Barth explained further in a blog post on Thursday that this should also reduce "any hassle" in managing encryption and decryption keys.
We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing. Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard(AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.
This additional security option is being baked into the platform for all users, meaning it will be included in existing subscriptions rather than tacked on for another fee.
Server-side encryption is now active for all new data written to Cloud Storage. Older objects will be migrated and encrypted in the coming months.