Google now encrypts cloud storage by default
In the lengthening shadow of the NSA surveillance scandal, Google adds encryption to all its Cloud Storage customer data.
Google's Cloud Storage service now automatically encrypts all its customer data for free, the company said Thursday.
The encryption has "no visible performance impact," Google Cloud Storage's product manager, Dave Barth, wrote in a blog post. "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," he said.
New files added to Cloud Storage will be encrypted as they're uploaded and before they're saved to a drive. Older files will be migrated "in the coming months," Barth said. This is part of Google's emphasis on "forward secrecy," which many Internet companies have yet to adopt.
When asked about how Google handles encrypted data when requested by a government agency, the company repeated in a statement that user information is only provided "in accordance with the law."
"We don't provide our encryption keys to any government," said a Google spokesperson. "We believe we're an industry leader in providing strong encryption, along with other security safeguards and tools."
Google's Cloud Storage uses 128-bit Advanced Encryption Standard (AES), a lower standard of encryption than the 256-bit AES that's often used to protect password managers and financial data.
Developers can still use their own encryption and manage their own keys.
Basically, this completes Google's quest to encrypt all of your data in its Cloud Platform. It adds to the encryption offered by the Google Compute Engine's Persistent Disks and Scratch Disks, so that all data saved to unstructured storage on the Google Cloud Platform gets protected automatically.