Google Cloud Now Supports Customer Supplied Encryption Keys (CSEK)

Google Cloud Platform

When customers provide their own encryption keys, they can reduce the risks of unauthorized access to the data stored in the cloud. Fortunately, Google Cloud now offers this option.

The support for customer supplied encryption keys comes after a whole year of beta testing. Officially, from yesterday, the Google Cloud platform supports the CSEK for Compute Engine.

CSEK is something of value to IT organizations that take Security seriously. CSEK offers the ability to supply, control and manage encryption keys. Supplying your encryption keys is both legally compliant and puts your mind at rest as you are more than assured that no one has access to your data, not even Google. According to Neil Palmer, CTO of advanced technology at FIS Global, which is a Google Cloud client, “CSEK is a critical feature.”

In 2013, we saw Edward Snowden’s revelations of the extent of governments’ internet surveillance. Therefore, it has since become so clear to cloud customers that cloud services providers can allow them to provide their own encryption keys. However, there is the risk that the risk of more vulnerabilities as the cloud service provider has no control over the encryption.

According to Google in a Transparency Report, the government demands their clients’ data often. In fact, such demands increased since Google began tracking the data in 2009. In 2014 the number of data breaches in the US reached 783, and in 2015 the incidences of data breaches only decreased by two to 781, according to figures provided by the Identity Theft Resource Center.

But Google is somehow behind its competitors in allowing customers to supply their own encryption keys, considering the beta testing began June 2015. Microsoft Azure began support for CSEK in January 2015, and Box followed suit a month later. Amazon Web Services began supporting CSEK, otherwise referred to as bring-your-own-key (BYOK), in June 2014, and the service extended to AWS Key Management Service in November 2014. Last month, Salesforce joined the others in supporting CSEK.

Data encryption decreases the chances of data breaches, but it does not give 100% assurance that the data will stay safe. Apple’s refusal to provide FBI with a backdoor to accessing users’ data is a recent proof that data cannot stay safe even after encryption. After their refusal, FBI hired a third party. The firm they hired was able to decrypt data on iOS via an undisclosed vulnerability.

Now, Google supports CSEK in UK, US, Taiwan, Japan, Germany, France, Canada and Denmark. By the end of this month, CSEK will also be available in Italy, Mexico, Australia, Sweden, and Norway.