Google has offered to automatically encrypt any data uploaded to its Cloud Storage service free of charge.
Announcing the move in a company blogpost, Google has also offered to manage the encryption and decryption keys on behalf of its customers by using the same systems it uses to secure its own data, unless they would rather do it themselves.
The service encrypts objects' data and metadata stored in the cloud with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the 'per object' key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys.
According to Google, server-side encryption is already active for all new data written to the service, whether for creating new objects or overwriting existing objects, adding that older objects will be migrated and encrypted in the coming months. It says that the new feature requires no configuration and that users will notice no difference when using the service.
The internet giant may be looking to allay fresh privacy concerns after recently hitting the headlines for stating in a court filing that anyone emailing its 425 million Gmail users should have no "reasonable expectation" that their correspondence will be kept private.
- If you're looking at message encryption, here are some simple solutions.