Google is testing a new cloud-hosted key management service, called Cloud KMS, on Google Cloud Platform (GCP). Cloud KMS allows enterprises to manage their encryption keys for cloud services right on GCP. Enterprises have traditionally handled encryption key management on-premises, but a couple of years ago Amazon and Microsoft offered a cloud-hosted solution. Now Google is building its product to compete with these other cloud solutions.
With Cloud KMS, you can create, use, and destroy AES-256 encryption keys. As part of Google Cloud Platform, Cloud KMS integrates with Identity and Access Management (IAM) and other products, so for each key you store you can manage permissions and see how and when it is being used. You can configure options such as automatic key rotation, and the service delays key destruction by 24 hours, so if you accidentally destroy a key, you have 24 hours to retrieve it. All of the product’s functionality is accessible via Google’s RESTful API.
You can easily store hundreds of millions of encryption keys in the system, so scaling shouldn’t be an issue. “From the get-go, we architected it to allow customers to use as many keys as they want to,” said Google’s Maya Kaczorowski, the product manager for this service. This platform update, as with many recent updates, shows that Google is starting to target large enterprises, which is something they haven’t been focused on until recently.
The product is now in Beta and available for registration in the Google Cloud console. Pricing is $0.06 per key version per month, and $0.03 per 10,000 key operations (encrypt, decrypt).