Google announced a new beta capability on its Cloud Platform Blog: support for customer-supplied encryption keys – “Bring Your Own Encryption Keys to Google Cloud Platform” The feature lets users create and hold the keys, determine when data is active or “at rest,” and prevent anyone accessing their “at rest” data. Richard Blech, CEO and Co-Founder, at Secure Channels commented on the Google’s new User Encryption offering.
Richard Blech, CEO and Co-Founder, at Secure Channels :
“This is a marketing ploy by Google who is implying that using their custom encryption engine allows you, the consumer, to control your own encryption key(s) for Google’s Compute Engine. The consumer is given a false sense of security because they are bringing “their own” encryption keys to the cloud. Google’s platform is not agnostic and uses their engine to create the keys as well as protect the data. Whether this is good or not is not the question, but what is certain, is that it is not BYOE. In order to have true BYOE, the user must be able to define and control the encryption and the keys themselves, and be able to use them agnostically with all environments and applications.”