carloscastilla - Fotolia
Google introduced a key management product for its cloud services, Google Cloud Key Management Service. How does Google Cloud KMS work, and what are the potential security benefits?
Google Cloud Key Management Service (KMS) allows its customers to create, use, rotate and destroy encryption keys in the cloud. Customers can either create keys in the Google Cloud KMS with AES-256.
This is important for Google -- the company recently made a big push to vie for enterprise customers -- because Amazon Web Services (AWS) and Microsoft Azure have had this capability for some time. The addition of Google Cloud KMS proves that it's maturing into a real contender within the enterprise cloud space. Allowing a cloud-based KMS to store symmetric keys in the cloud -- Google-created -- makes implementing encryption acceptable and easy.
One of the main challenges with key management systems is handling the keys when there are complicated systems and in-house expertise already at play. With Google's Cloud KMS, there is no longer the need to have an on-premises system, like a hardware security module, and lack of scalability is no longer a concern.
Using Google Cloud KMS also allows for low latency, with frequent cloud-based requests that increase response time with encryption in the cloud. It allows a robust API to assist with the integration of applications to perform proper key management throughout the systems already in place.
Google Cloud KMS gives customers the ability to have their cloud auditing and identity management features snap into this service. It helps with logging, as well as the accountability of the applications and users accessing the keys.
This feature could also help quell compliance concerns, as auditors will likely be calling for this feature as soon as it's used within a regulated industry. Also, Google performs security checks on its own KMS by using multiple tools -- including Project Wycheproof -- to monitor for weaknesses.
With this service, Google is hoping regulated industries will feel more secure about moving their applications and data to the Google cloud platform. Financial and healthcare are two industries that are heavily regulated, and that rely on the use of encryption to keep their data secure.
It will be interesting to see if these industries and others start using Google Cloud KMS; it's going to boil down to a trust issue with Google. Will these organizations trust Google to hold their encryption keys in the cloud? Only time will tell.
Ask the expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)
Find out how key aliases affect cloud key management
Learn more about the bring-your-own-key offering from Box
Check out how AWS Key Management Service can bolster security
Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices
Related Q&A from Matthew Pascucci
Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases. Continue Reading
Troubleshooting VPN session timeout and lockout issues should focus first on isolating where the root of the problem lies -- be it the internet ... Continue Reading
What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different. Continue Reading