Google’s Cloud Platform gets a new key management service. But if an enterprise needs more control over its keys to rotate and manage them, then the Cloud KMS service is for them. It’s worth noting that Cloud KMS users can also use the service to securely store other secrets like OAuth tokens or configuration credentials on the service as well. As Kaczorowski stressed, this also means that the company is able to keep the latency of these transactions low. “We want to be able to be in the serving path of our customers,” she said. “We want to enable people to encrypt things they weren’t able to before.” With the addition of Cloud KMS, Kaczorowski argued, Google now offers its users the full continuum of key management options — ranging from customer-supplied keys that are kept on-premise and used to secure cloud assets on one side and the default Cloud Platform encryption on the other, with the flexibility of the new Cloud KMS service in the middle. Kaczorowski tells me that the service can easily handle hundreds of millions of keys and secrets, so scaling should not be an issues. “From the get-go, we architected it to allow customers to use as many keys as they want to,” she said. For the longest time, Google didn’t really go after these companies, but the company is now putting a renewed emphasis on competing in the enterprise cloud business. Featured Image: Veronique Lee/Getty Images
Google is launching a new key management service for its Cloud Platform today that will help enterprises — especially in regulated industries like healthcare and banking — to create, use, rotate and destroy their encryption keys in the cloud. The aptly named Google Cloud Key Management Service (Cloud KMS) is now available as a beta in select countries.
Enterprises have traditionally managed their keys on premise, but as they have slowly moved more of their workloads to the cloud, they have also started thinking about how they can manage their keys in the cloud, too. With the AWS Key Management Service and Azure Key Vault, Amazon and Microsoft have long offered a similar tool, for example and even Google itself already offered a more basic version of Cloud KMS for users who wanted to supply their own encryption keys.
As Google’s Maya Kaczorowski, the Product Manager for this service, told me, it’s worth remembering that Google itself already encrypts all of the data on its platform by default. But if an enterprise needs more control over its keys to rotate and manage them, then the Cloud KMS service is for them.
It’s worth noting that Cloud KMS users can also…