An anonymous Slashdot reader quotes The Stack: The Google cloud platform, Google Compute Engine, now allows customers to create their own encryption keys as an alternative to the Google-provided default encryption. Google Compute Engine automatically encrypts all data at rest, managing customer data encryption as a part of the Compute Engine service. However, some customers prefer to manage and control cloud encryption internally, to further tighten data security. Google has released a comprehensive set of instructions for a customer to create their own encryption key. The Customer-Supplied Encryption Key (CSEK) is then used to protect the Google-generated keys that are used automatically for data encryption. The CSEK is an additional layer of protection for data stored in the cloud. Using an internally-generated encryption key also allows customers to control data encryption without using third-party providers, whose services are available at an additional cost.
Read more of this story at Slashdot.