Google key management keeps pace with AWS, Azure

A new Google Cloud Key Management Service attempts to keep pace with AWS and Azure with an important feature for highly regulated industries and enterprises that operate on its cloud.

Google is once again playing catch-up with Amazon Web Services -- this time, with an end-to-end security service that could be critical for highly regulated enterprises.

Google Cloud Key Management Service (Cloud KMS) is available to test in nearly 50 countries. Cloud KMS connects the disparate pieces of Google Cloud Platform (GCP) under one umbrella for a centralized way to handle workloads that reside on Google's cloud.

Google already offers a range of encryption and key capabilities: It encrypts data at rest by default, and last year, it added customer-supplied encryption keys. This new service fills the gap between those capabilities, and it targets customers in industries such as healthcare and the financial sector that want to simplify control over the creation, rotation and destruction of keys across GCP services.

The Google key management service provides a root of trust that can be monitored and audited, and it integrates directly with Google's Cloud Identity & Access Management and audit logging services. It uses the Advanced Encryption Standard in Galois/Counter Mode, which is the same encryption library Google said it uses internally for Google Cloud Storage.

Workiva, a financial reporting software developer in Ames, Iowa, worked with Google on Cloud KMS because it had to build its own version of the service to meet customer requirements.

"It's critical," said Dave Tucker, Workiva's vice president of engineering. "Without us doing this service, there are a number of customers that we wouldn't have [on GCP]."

Key management embedded at the platform level opens Workiva's customers to a broader range of GCP services, and it removes Workiva from the key management loop, he added.

Google previously lacked a generalized, service-wide key management system for its services and applications, so Cloud KMS is a major step forward, said Steve Riley, an analyst at Gartner.

Prior to this, Compute Engine and Cloud Storage customers had to rely on customer-supplied keys, which are limited to 20 countries. For Compute Engine, for example, customers had to use it to encrypt Google-generated keys that, in turn, encrypt only persistent disks.

"That all changes now," Riley said. "It's in line with what we're seeing across the landscape of the name-brand, tier-one cloud service providers -- offering a managed encryption service that integrates across the various services."

Customers may choose to use Cloud KMS and customer-supplied encryption keys separately or together, said Neil MacDonald, a Gartner analyst.

Keeping up with the cloud competition

Once derided for its lack of enterprise know-how, Google brought on Diane Greene, the former VMware founder and chief, to head up its cloud division in late 2015. Since then, the company has made a serious push to fill the gaps in its services for that customer base, including new security features, regional expansion, a broader partner ecosystem and greater outreach.

Google's new Cloud KMS directly compares to offerings from its primary public cloud rivals: AWS Key Management Service and Microsoft Azure Key Vault, which became available in 2014 and 2015, respectively. Cloud KMS is currently in beta, and Google didn't provide a date when it will be generally available.

Not every user will want this level of security right now, but it's requested more frequently these days -- and not just in highly regulated industries, Tucker said.

"Eventually, it will just become best practices," he said. "Just like how everyone requires SSO [single sign-on] connections, this will be the evolution where everyone will have the same thing."

Trevor Jones is a news writer with TechTarget's data center and virtualization media group. Contact him at tjones@techtarget.com


What is your key management strategy for cloud-based services?
Keep no keys should be the new strategy. Keys on the cloud are like keys under the doormat. Only a matter of time till someone finds out where and how you keep them.
