Google Cloud adds new customer-supplied encryption key partners
After making its encryption key management service generally available last week, Google on Wednesday announced a number of new encryption key partners for customers who want to supply their own keys.
The company now offers multiple levels of encryption offerings for its Google Cloud Platform (GCP) customers. By default, GCP encrypts customer content stored at rest, without any action required from the customer. Next, closing a gap in its enterprise offerings, Google now offers its key management service for customers who want control over factors like how and when keys are rotated or deleted. Customers can supply keys themselves for Google Cloud Storage or Google Compute Engine.
For customers who want to supply their own keys without managing them, Google is now working with a group of partners that can generate customer-supplied encryption keys. (Image: Google)
"It's not a particularly hard task, but if you've never done crypto before, it can be kind of daunting," explained Maya Kaczorowski, product manager at Google, to ZDNet.
For customers who want to supply their own keys without managing them, Google is now working with a group of partners that can generate customer-supplied encryption keys: Gemalto, Ionic, KeyNexus, Thales, and Virtru.
The partners were chosen for various reasons, Kaczorowski said. Some are already strong partners for other Google services; Gemalto, for instance, has support client-side encryption with Google Cloud Storage for years. KeyNexus, meanwhile, gives customers a centralized system they can use to manage keys across GCP as well as hundreds of other bring-your-own-key use cases spanning SaaS, IaaS, mobile, and on-premise.
Enteprise customers coming to KeyNexus may be juggling dozens of different software-as-a-Service solutions on multiple clouds -- all with keys to manage. Yet when Google began encrypting customer data years ago, "quite frankly, customers weren't ready for it," said Jeff MacMillan, CEO of KeyNexus, to ZDNet.
Google's decision years ago to encrypt data at the infrastructure and hardware device layers eased the burden on developers, Kaczorowski said. The company is giving customers more choices now that encryption is becoming a minimum requirement for the cloud.
"This is one of those differentiators of the cloud, which a lot on-premise solutions don't get," she said. "I might not choose to encrypt data in my private data center if I was a customer because I don't have the expertise, or it's too complicated... But by moving workloads to the cloud, customers get that by default... If you're going to move to the cloud, you better have it."