Google recently announced they'll be allowing customers to bring their own encryption keys to Google Compute Engine (their IaaS offering). This essentially keeps Google from knowing what's stored in the public cloud, since they can't read the data stored at rest. It also allows them to show that they're playing in the Edward Snowden era and to prove to customers that encryption and privacy do matter. At least that's what they're trying to show.
Now, before we start lavishing Google with praise, let's remember that this isn't anything new. Both Amazon and Microsoft have this capability, but use third-party vendors to store keys in an HSM (like SafeNet) to accomplish the task. From what I've read about the product, it seems Google's made their own method to store the keys. This slightly concerns me, but we'll see what comes out over the next couple of weeks and as the product matures.
Either way, this is a big move towards privacy.