Google Cloud Toughens Up Encryption, Network Security
SDxCentral | November 20, 2019
Google added new security capabilities around data encryption, network security, security analytics, and user protection at the U.K. edition of its annual Cloud Next event. But perhaps the most important new capability is its new External Key Manager, which allows companies to store and manage encryption keys outside of Google Cloud.

This service, which the cloud provider says will soon be available in beta, works with Cloud KMS. It lets customers encrypt data in BigQuery and Compute Engine with encryption keys stored and managed in a third-party key management system deployed outside Google’s infrastructure. Google is working with five management vendors on this effort: Equinix, Fortanix, Ionic, Thales, and Unbound.

This service is different from the bring-your-own-key, or BYOK, offerings that Google and other cloud providers already have, said Fortanix CTO and co-founder Anand Kashyap. It’s BYOKMS, with the “MS” standing for management service, he said.

“We expect other large public cloud providers to take note of this announcement, and hopefully in the next year we will see other public cloud providers open up their key management offerings and allow an external key management service to be integrated with them,” Kashyap said. “We are ready and willing to integrate SDKMS with their public clouds.”