carloscastilla - Fotolia

Google Cloud KMS: What are the security benefits?

Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.

Google introduced a key management product for its cloud services, Google Cloud Key Management Service. How does Google Cloud KMS work, and what are the potential security benefits?

Google Cloud Key Management Service (KMS) allows its customers to create, use, rotate and destroy encryption keys in the cloud. Customers can either create keys in the Google Cloud KMS with AES-256.

This is important for Google -- the company recently made a big push to vie for enterprise customers -- because Amazon Web Services (AWS) and Microsoft Azure have had this capability for some time. The addition of Google Cloud KMS proves that it's maturing into a real contender within the enterprise cloud space. Allowing a cloud-based KMS to store symmetric keys in the cloud -- Google-created -- makes implementing encryption acceptable and easy.

One of the main challenges with key management systems is handling the keys when there are complicated systems and in-house expertise already at play. With Google's Cloud KMS, there is no longer the need to have an on-premises system, like a hardware security module, and lack of scalability is no longer a concern.

Using Google Cloud KMS also allows for low latency, with frequent cloud-based requests that increase response time with encryption in the cloud. It allows a robust API to assist with the integration of applications to perform proper key management throughout the systems already in place.

Google Cloud KMS gives customers the ability to have their cloud auditing and identity management features snap into this service. It helps with logging, as well as the accountability of the applications and users accessing the keys.

This feature could also help quell compliance concerns, as auditors will likely be calling for this feature as soon as it's used within a regulated industry. Also, Google performs security checks on its own KMS by using multiple tools -- including Project Wycheproof -- to monitor for weaknesses.

With this service, Google is hoping regulated industries will feel more secure about moving their applications and data to the Google cloud platform. Financial and healthcare are two industries that are heavily regulated, and that rely on the use of encryption to keep their data secure.

It will be interesting to see if these industries and others start using Google Cloud KMS; it's going to boil down to a trust issue with Google. Will these organizations trust Google to hold their encryption keys in the cloud? Only time will tell.

Ask the expert:
Want to ask Matt Pascucci a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Find out how key aliases affect cloud key management

Learn more about the bring-your-own-key offering from Box

Check out how AWS Key Management Service can bolster security

Dig Deeper on Cloud security

Enterprise Desktop
Cloud Computing