Google launches cloud-based key management with new service

(c)iStock.com/tarik kizilkiya

Google has announced the launch of Cloud Key Management Service (KMS), which enables admins to manage their encryption keys in Google Cloud Platform without maintaining an on-premise management system.

The news marks Google’s entry into this particular security arena, following Amazon Web Services (AWS) and Microsoft who launched such initiatives as far back as 2014 and 2015 respectively.

“Customers in regulated industries, such as financial services and healthcare, value hosted key management services for the ease of use and peace of mind that they provide,” wrote Maya Kaczorowski, Google Cloud Platform product manager in a blog post. “Cloud KMS offers a cloud-based root of trust that you can monitor and audit.

“As an alternative to custom-built or ad-hoc key management systems, which are difficult to scale and maintain, Cloud KMS makes it easy to keep your keys safe,” Kaczorowski added.

Alongside this, the company has published a whitepaper which doubles down on its security efforts and details ‘how security is designed into [Google’s] infrastructure from the ground up’, in the words of Google Security distinguished engineer Niels Provos.

The paper, which can be read here, explains how the security of Google’s infrastructure is designed in progressive layers, from the data centre, to the hardware and software which underpins the infrastructure, and the processes put in place to support operational security.

“Google Cloud’s global infrastructure provides security through the entire information processing lifecycle,” wrote Provos. “This infrastructure provides secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services, secure and private communication with customers over the internet and safe operation by administrators.”

Regarding the KMS service, Leonard Austin, CTO at Google customer Ravelin, notes the cloud firm is “transparent about how it does its encryption by default…and Cloud KMS makes it easy to implement best practices.”

You can read more about KMS here.