On Wednesday, Google announced that a new encryption tool called the Cloud Key Management Service (KMS) would be coming to the Google Cloud Platform, in beta, for certain markets. The service, which aims to make encryption key management easier and more scalable, could entice companies in industries like finance and healthcare to leverage Google Cloud.
According to a press release, the service “offers a cloud-based root of trust that you can monitor and audit.” It is easier to maintain than an ad-hoc key management solution, or one that was custom built, Google stated.
Cloud KMS will allow users to manage symmetric encryption keys that encrypt data stored within Google’s Cloud Platform, as well as data that is stored in other environments, the release said. The service is integrated with other security features in Google Cloud, including Cloud Identity Access Management and Cloud Audit Logging, according to the release. Users can utilize the Cloud KMS API to rotate, use, create, and destroy keys.
Ravelin, a fraud detection provider, is one of the early adopters of KMS. Leonard Austin, CTO at Ravelin, explained in the press release that his company utilizes features such as automatic key rotation to stay compliant with internal policies.
“Cloud KMS’ low latency allows us to use it for frequently performed operations. This allows us to expand the scope of the data we choose to encrypt from sensitive data, to operational data that does not need to be indexed,” Austin wrote in the release.
Cloud KMS uses the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM), according to the release. This is the same encryption that Google uses in Google Cloud Storage, and it is also used in the BoringSSL library.
Google Cloud Storage will default to managing server-side encryption keys for users, so you’ll need to choose to use KMS if you want to manage any cloud-based keys on your own, the release said. Additionally, by selecting the Customer Supplied Encryption Keys option, users can manage keys on-premises.
With the beta launch, KMS joins a host of other encryption services on Google Cloud Platform, and follows the announcements of Google adding HSTS encryption to google.com. Google has also added a section for HTTPS data in its transparency report, and has given advice to businesses looking to make the switch.
The 3 big takeaways for TechRepublic readers
- Google’s new Cloud Key Management Service (KMS) could make encryption key management easier and more scalable than ad-hoc or custom management tools.
- KMS works with keys that encrypt data on the Google Cloud Platform, and with data encrypted elsewhere.
- Google Cloud Storage will still manage server-side encryption keys for the user if desired, and will do so by default.