11 January, 2017
Google’s Cloud Platform Gets A New Key Management Service
Google is launching a new key management service for its Cloud Platform today that will help enterprises — especially in regulated industries like healthcare and banking — to create, use, rotate and destroy their encryption keys in the cloud. The aptly named Google Cloud Key Management Service (Cloud KMS) is now available as a beta in select countries.
Enterprises have traditionally managed their keys on premises, but as they have slowly moved more of their workloads to the cloud, they have also started thinking about how they can manage their keys in the cloud. Amazon and Microsoft, for example, have long offered similar tools with the AWS Key Management Service and Azure Key Vault, and even Google itself already offered a more basic version of Cloud KMS for users who wanted to supply their own encryption keys.
As Google’s Maya Kaczorowski, the Product Manager for this service, told me, it’s worth remembering that Google itself already encrypts all of the data on its platform by default. But if an enterprise needs more control over its keys to rotate and manage them, then the Cloud KMS service is for them.
It’s worth noting that Cloud KMS users can also use the service to securely store other secrets, like OAuth tokens or configuration credentials. Google tells me that fraud detection provider Ravelin, for example, uses Cloud KMS to store its users’ configuration and authentication credentials, which are needed as part of virtually every transaction on its service.
As Kaczorowski stressed, this also means that the company is able to keep the latency of these transactions low. “We want to be able to be in the serving path of our customers,” she said. “We want to enable people to encrypt things they weren’t able to before.”