Google Cloud gets up to speed with AWS and Azure with launch of HSM crypto tool

James has more than a decade of experience as a tech journalist, writer and editor, and served as Editor in Chief of TechForge Media between 2017 and 2021. James was named as one of the top 20 UK technology influencers by Tyto, and has also been cited by Onalytica, Feedspot and Zsah as an influential cloud computing writer.

Google Cloud has announced the launch of a managed cloud-hosted hardware security module (HSM) service – joining Amazon Web Services and Microsoft Azure in this security benchmark.

The Cloud HSM will enable customers to host encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs, according to a company blog post.

To put this in perspective, the highest level for the FIPS 140-2 standard is Level 4, which aims to “provide a complete envelope of protection around the cryptographic module with the internet of detecting and responding to all unauthorised attempts at physical access.” Level 3, instead, requires “a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module.”

Cloud HSM is tightly integrated with Google’s Cloud Key Management Service (KMS), which enables data protection in services such as BigQuery, Google Compute Engine, Google Cloud Storage and DataProc with a hardware-protected key.

The move came about, according to product manager Il-Sung Lee, because customers wanted more options to protect sensitive information and meet compliance mandates. This is despite Google claiming to be the only cloud provider that encrypts all customer data at rest.

“For those of you managing compliance requirements, Cloud HSM can help you meet regulatory mandates that require keys and crypto operations be performed within a hardware environment,” wrote Lee. “In addition to using FIPS 140-2 certified devices, Cloud HSM will allow you to verifiably attest that your cryptographic keys were created within the hardware boundary.”

Some may consider that this has been a long time coming for Google; Microsoft announced Azure Key Vault, a cloud-hosted HSM-backed service for managing cryptographic keys, as far back as the start of 2015. AWS’ CloudHSM tool is also widely documented.

Yet Google’s cloud operations have certainly been innovative elsewhere of late. Earlier this month the company announced the launch of pre-packaged AI services, around contact centres and talent acquisition, as well as supporting NVIDIA’s Tesla P4 GPUs, for graphics-intensive and machine learning applications.

Find out more about Google Cloud HSM beta here.# in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *