How Google protects your data: Customer-Supplied Encryption Keys for Compute Engine goes GA!
Editor's note: Updated on August 15, 2016 to reflect availability in six new countries — Australia, Israel, Italy, Mexico, Norway and Sweden.
Control over data or agility of the cloud? Why not both? We are pleased to announce that Customer-Supplied Encryption Keys (CSEK) for Compute Engine is now generally available, allowing you to take advantage of the cloud while protecting your Google Compute Engine disks with keys that you control.
Google Cloud Platform (GCP) automatically encrypts customer content stored at rest, including all Compute Engine disks, using one or more encryption mechanisms. We use encryption to help keep your data private and secure. You can learn more by reading our whitepaper, “Encryption at Rest in Google Cloud Platform,” which takes an in-depth look at encryption at rest across GCP.
With CSEK, disks at rest are protected with your own key that cannot be accessed by anyone, inside or outside of Google, unless they present your key. Google does not retain your keys and only holds them transiently to fulfill your request, such as attaching a disk or starting a VM.
We designed Customer-Supplied Encryption Keys to be secure, fast and easy.
Customer-supplied encryption keys give us the fidelity and granular control to provide strong data-protection assurances to our customers. It's a critical feature and Google's approach is key to our end-to-end security posture.
Customer-supplied keys have integrated seamlessly with the fully automated Kubernetes pods and projects that drive Kensho's machine intelligence platform on GCP.
Customer-Supplied Encryption Keys for Compute Engine is available in select countries. With this release, we've expanded to Australia, Israel, Italy, Mexico, Norway and Sweden. If your organization needs this capability and you don’t see your country listed, please let us know. We use your input to determine where it becomes available next.
See you in the cloud!