Google introduces encryption to Google Cloud Storage - but NSA will still have easy access

Server-side encryption will secure user data from attack. But Google will hold the keys

Google has bowed to concerns over unauthorised eavesdropping by announcing that it will start to automatically encrypt data stored in Google Cloud Storage.

The company says that it will use 128-bit advanced encryption standard (AES) encryption, alongside a number of other security measures.

"Each Cloud Storage object's data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner.

"These keys are additionally encrypted by one of a regularly rotated set of master keys," wrote product manager David Barth in a blog post.

"There is no free-for-all, no direct access, no indirect access, no back door, no drop box," added Google's chief legal officer and senior vice president, David Drummond.

The server-side encryption means that the data will seamlessly be encrypted without the users having to do anything.

However, while that encryption will make the data held in Google's cloud more secure from attack, the keys will still be held by Google. That means that the US National Security Agency (NSA) will still be able to access customers' data with a simple order approved by the secret Foreign Intelligence Surveillance Court.

For that, Barth recommends that customers encrypt their data before uploading it to the Google Cloud.