Google launches customer-supplied encryption keys for greater cloud security


Google has launched customer-supplied encryption keys (CESK) for its Compute Engine infrastructure as a service (IaaS), which enables organisations to better protect their cloudy data.

The search giant automatically encrypts customer content stored at rest, including all Compute Engine disks, but in a blog post written by Maya Kaczorowski and Eric Bahna, product managers at Google Cloud Platform, the new release is aimed to be “secure, fast and easy” for users.

“With CESK, disks at rest are protected with your own key that cannot be accessed by anyone, inside or outside of Google, unless they present your key,” the blog notes. “Google does not retain your keys and only holds them transiently to fulfil your request, such as attaching a disk or starting a VM.”

“Customer-supplied encryption keys give us the fidelity and granular control to provide strong data protection assurances to our customers,” said Neil Palmer, CTO of advanced technology at FIS Global and a Google customer. “It’s a critical feature and Google’s approach is key to our end to end security posture.”

The IaaS space has been overwhelmingly examined in recent weeks due to various financial figures and analysis coming out. Alphabet, Google’s parent company, announced its Q2 results at the end of last month. While Google does not disclose specific revenues for its cloud arm, chief executive Sundar Pichai told analysts of the potential of combining cloud with machine learning. Google was also named on its own as a ‘visionary’ in the most recent Gartner Magic Quadrant for cloud IaaS. AWS and Microsoft, not for the first time, were on their own in the leaders’ section.

Currently, CESK is only available in Canada, Denmark, France, Germany, Japan, Taiwan, the UK and the US, with plans to expand to Australia, Italy, Mexico, Norway and Sweden later this month.  

You can find out more about CESK here.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.