Google Cloud Storage now automatically encrypts all data before it is written to disk, at no additional charge and the change is seemless—no reconfiguration or changes required for users. All new data is already protected and older data will be encrypted in the coming months.
According to Dave Barth, Product Manager, in a recent blog post, “Each Cloud Storage object’s data and metadata is encrypted with a unique key under the 128-bit Advanced Encryption Standard (AES-128), and the per-object key itself is encrypted with a unique key associated with the object owner. These keys are additionally encrypted by one of a regularly rotated set of master keys. Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”