Google introduced a key management product for its cloud services, Google Cloud Key Management Service. How does...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Google Cloud KMS work, and what are the potential security benefits?
Google Cloud Key Management Service (KMS) allows its customers to create, use, rotate and destroy encryption keys in the cloud. Customers can either create keys in the Google Cloud KMS with AES-256.
This is important for Google -- the company recently made a big push to vie for enterprise customers -- because Amazon Web Services (AWS) and Microsoft Azure have had this capability for some time. The addition of Google Cloud KMS proves that it's maturing into a real contender within the enterprise cloud space. Allowing a cloud-based KMS to store symmetric keys in the cloud -- Google-created -- makes implementing encryption acceptable and easy.
One of the main challenges with key management systems is handling the keys when there are complicated systems and in-house expertise already at play. With Google's Cloud KMS, there is no longer the need to have an on-premises system, like a hardware security module, and lack of scalability is no longer a concern.
Using Google Cloud KMS also allows for low latency, with frequent cloud-based requests that increase response time with encryption in the cloud. It allows a robust API to assist with the integration of applications to perform proper key management throughout the systems already in place.
Google Cloud KMS gives customers the ability to have their cloud auditing and identity management features snap into this service. It helps with logging, as well as the accountability of the applications and users accessing the keys.
This feature could also help quell compliance concerns, as auditors will likely be calling for this feature as soon as it's used within a regulated industry. Also, Google performs security checks on its own KMS by using multiple tools -- including Project Wycheproof -- to monitor for weaknesses.
With this service, Google is hoping regulated industries will feel more secure about moving their applications and data to the Google cloud platform. Financial and healthcare are two industries that are heavily regulated, and that rely on the use of encryption to keep their data secure.
It will be interesting to see if these industries and others start using Google Cloud KMS; it's going to boil down to a trust issue with Google. Will these organizations trust Google to hold their encryption keys in the cloud? Only time will tell.
Ask the expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)
Find out how key aliases affect cloud key management
Learn more about the bring-your-own-key offering from Box
Check out how AWS Key Management Service can bolster security
Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices
Related Q&A from Matthew Pascucci
Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how ...continue reading
Universal second factor devices can be used to strengthen authentication on major websites such as Facebook. Expert Matthew Pascucci explains how U2F...continue reading
US-CERT encouraged users to use newer versions of Windows SMB, since version one is out of date. Expert Matthew Pascucci explains how to tell if SMB ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.