Google Cloud Computing | Google Cloud Storage

We know that security is important to you and your customers. Our goal is to make securing your data as painless as possible. To help, Google Cloud Storage now automatically encrypts all data before it is written to disk, at no additional charge. There is no setup or configuration required, no need to modify the way you access the service and no visible performance impact. The data is automatically and transparently decrypted when read by an authorized user.

If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys. We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing. Each Cloud Storage object’s data and metadata is encrypted under the 128-bit Advanced Encryption Standard (AES-128), and each encryption key is itself encrypted with a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.
 

Server-side encryption is already active for all new data written to Cloud Storage, whether for creating new objects or overwriting existing objects. Older objects will be migrated and encrypted in the coming months. 



This feature adds to the default encryption functionality already provided by Persistent Disks and Scratch Disks that come with Google Compute Engine. Together, this means that all data written to unstructured storage on the Google Cloud Platform is now encrypted automatically, with no additional effort required by developers. We’re happy to be taking this step in our commitment to evolve the security capabilities of our platform.