Google Cloud Storage now automatically encrypts all data


Summary: Current users shouldn't actually notice a difference in performance or usage as this is all set up to take place behind the scenes.


Google is beefing up security on the server side of its cloud storage platform.

Essentially, all data going into the Google Cloud Storage world is going to be automatically encrypted before it is written and saved to the disk. Data will then automatically be decrypted when accessed by authorized users.

Current users shouldn't actually notice a difference in performance or usage as this is all set up to take place behind the scenes.

Google product manager Dave Barth explained further in a blog post on Thursday that this should also reduce "any hassle" in managing encryption and decryption keys.

We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing. Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.

This additional security option is being baked into the platform for all users, meaning it will be included in existing subscriptions rather than tacked on for another fee.

Server-side encryption is now active for all new data written to Cloud Storage. Older objects will be migrated and encrypted in the coming months.
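The key hierarchy in the quoted blog post (a per-object key, wrapped by an owner key, wrapped by a rotating master key) is sketched below as an added example; it is not Google's code. AES-128-GCM, the function names and the record layout are assumptions of this example, since the post names AES-128 but no cipher mode or storage format.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sketch of the hierarchy: object key -> owner key -> master key.
// AES-128-GCM is this example's assumption; the post only says AES-128.
const newKey = () => nodeCrypto.randomBytes(16); // 128-bit key

// Encrypt data (or wrap a key) under `key`; output is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverse of seal(); throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// What reaches disk: ciphertext plus wrapped keys, never a plaintext key.
function storeObject(masterKey, ownerKey, data) {
  const objectKey = newKey(); // unique per object
  return {
    data: seal(objectKey, data),
    wrappedObjectKey: seal(ownerKey, objectKey),
    wrappedOwnerKey: seal(masterKey, ownerKey),
  };
}

// Reading unwinds the chain; whoever holds the master key can do this.
function readObject(masterKey, rec) {
  const ownerKey = unseal(masterKey, rec.wrappedOwnerKey);
  const objectKey = unseal(ownerKey, rec.wrappedObjectKey);
  return unseal(objectKey, rec.data);
}

// Master-key rotation re-wraps one 16-byte key; object data is untouched.
function rotateMaster(oldMaster, newMaster, rec) {
  const ownerKey = unseal(oldMaster, rec.wrappedOwnerKey);
  return { ...rec, wrappedOwnerKey: seal(newMaster, ownerKey) };
}
```

In this sketch, possession of the master key is sufficient to read any object, which is why client-side encryption with a key the provider never sees is the option for data that must stay opaque to the storage operator.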

  • Google products can't be allowed in 5 mile radius of an enterprise.

    Google platforms are weak, insecure and Google's ethics and professionalism itself is below industry standards.
    • er what?

      What do you know about enterprise?
      You spend your entire day trolling here ready to pounce on any article about Google and crap out your usual drivel about why you hate them.
      Get a job, where you actually have to work, not surf tech sites all day, and shut the f up. Finally!
      Don't use them. And stay quiet.
    • C'mon you can do better

      Your trolling abilities leave much to be desired. Get back to trolling school and learn how to write invective comments...
  • OK, but... the encryption done before or after they've read it? We can, after all, have no 'expectation of privacy'.
    • Google will hold the keys for you,

      unless you encrypt them yourself with your own keys.
    • They manage the keys...

      which means, that essentially, it is pretty useless.

      The only thing it will stop is if a hacker hacks the cloud storage, but not the key server...

      But if Google are managing the keys and encryption on your behalf, it is just a point on the advertising blurb to impress the uninitiated!
  • encrypted at rest not so secure

    OK, it's only encrypted on disk, not on the wire or in transit or in memory, which leaves too many openings, and yes, your data can and therefore will be sniffed, spied on, harvested, as you should by now expect.
    • They don't have to catch it in transit or memory...

      if you allow Google to hold the keys, they can decrypt the data themselves at their leisure...use your own keys to encrypt the data prior to placing it in storage, irregardless of service used.
      • come on...

    • In transit

      it will probably be sent over a tunnel of some kind, SSL, SSH etc.

      But Google holding the keys and encrypting and decrypting for you doesn't add much in the way of security, at least not against Google. It would only provide any additional security if a hacker got to the data, without getting at the keys.
      • I think it's funny, and a little depressing

        that we worry more about Google now than we do hackers.
  • But first they

    Analyse, catalog and store your content for later search results. Then they encrypt using their keys.

    Heck and darn in a way it's already 'encrypted' in binary. All you need is the key to unlock it, either way.

    There is no substitute for encrypting your own private information and using your own key.

  • O yeah...they encrypt your stuff NOW THAT THEY HAVE A QUANTUM COMPUTER

    that can decrypt 768 bit keys in half an hour? Nice one googleplex. Bowled a googly. The spying will NEVER end. It's part of the business model of "free" stuff.
  • google encryption no protection from NSA

    Since Google will turn over all keys and/or your decrypted data to the NSA upon demand, and without notifying you, the new security protocols Google is introducing have limited value. Since I am a person who opposes most of current U.S. foreign and military policy, and has e-mail correspondence with human rights advocates overseas, my data is far more at risk from the NSA than from random hackers.
  • Google gets Attaboy for Spreading Perfect Layer of Manure

    OK, so the encryption will provide a little more protection against hackers, but Google admits that users won't notice much difference. Because there really is none. They're still going to scour everything users put up to use in their marketing and then sell to other advertisers. And they'll roll over and pull out their encryption keys every time NSA, DEA, IRS, etc comes calling.

    Google Drive, Dropbox, iCloud, Box, Instagram - all the public cloud storage providers suffer from the same weaknesses. The law says users lose the expectation of privacy for data stored more than 180 days. Users hand control of their files to a third party that can do what they want with it. Perhaps worst of all, what goes up NEVER comes down. When you upload a file, they make multiple backups so you don't lose it, which is nice unless you want to delete something. You can delete your copy, you can close your account, but the backups live on forever and Google can hand them over to NSA, DEA, IRS or they can be subpoenaed by your legal adversaries and used against you.

    I think we're going to see more new products like Cloudlocker, which stays at home where they still need a warrant & probable cause that you're a bad guy to get to it. And no one else has copies or backup copies to bite you in the butt after you deleted the original. I believe private cloud devices like this will be the next big thing.