Users of Google’s cloud computing platform are now able to manage their own encryption keys, the company has announced. For those who take advantage of the option, their Google Compute Engine encryption keys will be deleted from Google’s once they’re passed on to the user end.
It’s a security boost, effectively allowing for the decentralization of encryption keys and preventing them from being hacked in a security breach on Google’s servers. There remains the possibility that they could still be hacked at other vulnerable moments, such as when they’re generated or when data that hasn’t yet been encrypted is sent to Google; but overall this offers an important extra layer of security. It means that even in the event of a major security breach on Google’s end, the encrypted data can’t be retrieved.
The only real drawback, as Russell Brandom points out in a Verge article, is that the users who do take advantage of the feature will be fully responsible for managing their own encryption keys. Google can’t help them if the keys are lost, or if users suffer their own security breaches.
That is probably a serious concern for individual users, but for companies handling sensitive data on the Google Compute Engine, it’s probably a manageable risk that is worth taking. Organizations are handling increasing amounts of important data online, and as serious hack attacks drag more of it out into the open, concerns are growing about security. Google’s latest development is a welcome addition to the security toolkit.
Source: The Verge