Google is going the Amazon way by adding encryption to it’s Cloud Storage, any data stored in the Google cloud will be first kept in RAM and encrypted via AES-128 before being saved, it was announced by Google on Thursday as a way to “make securing your data as painless as possible,” according to a blog post.
Data will then automatically be decrypted when accessed by authorized users.Current users shouldn’t actually notice a difference in performance or usage.
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing”. said Google’s Product Manager Dave Barth. “Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”