Google has announced details of a key management service in Beta in select countries that allows enterprises to manage the encryption keys for their cloud-based deployments. The ability of Google Cloud customers to manage their own encryption keys enhances the cloud security of Google’s public cloud platform because customers now have the option of taking ownership of the encryption keys for cloud deployments. Branded Google Cloud Key Management Service (Cloud KMS), Google’s expanded encryption functionality gives it parity with the AWS Key Management service and the Azure Key Vault with respect to customer-owned encryption options. Customers interested in retaining control over their encryption keys have the choice to store the encryption keys in the cloud or on premise. Google’s ability to give encryption keys to its customers is enabled by technology that “uses the Advanced Encryption Standard (AES), in Galois/Counter Mode (GCM), the same encryption library used internally at Google to encrypt data in Google Cloud Storage,” as noted in a blog post.
Google Cloud Platform’s decision to give customers the option of controlling their encryption keys puts it on par with its competitors AWS and Azure while concurrently satisfying the cloud security needs of customers in highly regulated industries such as healthcare and finance, that typically require greater ownership of the mechanism of encryption and de-encryption. Cloud security promises to be an intense area of interest in 2017 and Google’s achievement in coming up to speed with two its key competitors with respect to encryption functionality points to the tip of the iceberg of a broader conversation about cloud security that stands to unfold over the next 12 to 18 months. Given the dramatic proliferation of high profile cloud security breaches in recent months, expect Google Cloud Platform, AWS and Azure to keep enhancing their cloud security options in 2017, particularly since cloud security could represent the game-changer for cloud market share in the public and hybrid cloud space.