Google Cloud Platform is moving to improve its cloud security, beta testing a variety of encryption key-management services that would let end-users control their own security.
Keys are text strings, such as passwords or lengthy numbers, needed to access data. By default, GCP manages server-side keys on behalf of end-users. Google Cloud already encrypts data at rest, without any action required from the customer, and it can already use customer-supplied encryption keys.
But for customers in regulated industries such as financial services or health care, or for those that simply want enhanced security, Google’s new key-management service (KMS) is an alternative to custom-built or ad hoc key-management systems. Cloud KMS gives users another way to manage encryption keys easily in a cloud-hosted environment.
KMS lets users create, use, rotate, and destroy keys through the KMS API, using the Advanced Encryption Standard block cipher in Galois/Counter mode, Google said. That’s the same encryption library used internally to encrypt data in Google Cloud Storage.
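The create, use, rotate and destroy lifecycle described above, as an added example that is not code from the article or from Google: an in-memory model of one key with versions, using Node's built-in `crypto` module with AES-256-GCM. `LocalKey`, its methods and the blob layout are hypothetical names and assumptions of this example, not the Cloud KMS API.

```javascript
// Added example: in-memory model of one KMS key with versions (names hypothetical).
const nodeCrypto = require('crypto');

class LocalKey {
  constructor() {
    this.versions = new Map(); // version number -> 32-byte AES-256 key
    this.primary = 0;
    this.rotate(); // "create": the first version becomes primary
  }

  // Rotate: add a new primary version; older versions remain for decryption.
  rotate() {
    this.primary += 1;
    this.versions.set(this.primary, nodeCrypto.randomBytes(32));
    return this.primary;
  }

  // Destroy: discard key material; ciphertexts under it become unrecoverable.
  destroy(version) {
    const key = this.versions.get(version);
    if (key) key.fill(0);
    this.versions.delete(version);
  }

  // Output layout (assumed): version(4) | nonce(12) | tag(16) | ciphertext.
  encrypt(plaintext) {
    const key = this.versions.get(this.primary);
    if (!key) throw new Error('key version unavailable');
    const header = Buffer.alloc(4);
    header.writeUInt32BE(this.primary);
    const nonce = nodeCrypto.randomBytes(12); // never reuse a nonce with a key
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
    cipher.setAAD(header); // authenticate the version id with the data
    const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    return Buffer.concat([header, nonce, cipher.getAuthTag(), body]);
  }

  decrypt(blob) {
    const header = blob.subarray(0, 4);
    const key = this.versions.get(header.readUInt32BE());
    if (!key) throw new Error('key version unavailable');
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(4, 16));
    d.setAAD(header);
    d.setAuthTag(blob.subarray(16, 32));
    // final() throws if the tag, header, nonce or ciphertext was altered.
    return Buffer.concat([d.update(blob.subarray(32)), d.final()]);
  }
}
```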
Cloud security remains the chief concern among 660 IT professionals surveyed by Netwrix, the company said in a study. About 69 percent of respondents said unauthorized access to cloud data remains their major worry.
GCP rival Amazon Web Services also has a KMS, as does Microsoft Azure.