Google has already implemented the encryption for all new data stored to the cloud storage service.
Meanwhile, the company will begin encrypting older data in the coming months, wrote Google product manager Dave Barth in a blog post.
“If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys,” Barth wrote in the blog post. “We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing.”
In the blog post, Barth wrote that Google encrypts the data and metadata around an object stored in cloud storage with a unique key using 128-bit Advanced Encryption Standard algorithm.
The “per-object key itself is encrypted with a unique key associated with the object owner,” and are “additionally encrypted by one of a regularly rotated set of master keys,” he wrote.
Google storage users who prefer to manage their own keys can still encrypt data themselves before writing it to cloud storage, Barth wrote.
“These keys are additionally encrypted by one of a regularly rotated set of master keys,” he wrote. “Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage.”
The encryption announcement comes at a crucial time, following former UD National Security Agency contractor Edward Snowden’s recent revelation about the government surveillance program.
A Google spokeswoman recently said the company does not provide encryption keys to any government and provides user data only in accordance with the law.
Earlier this month, Google added 79 patents to a list that is promises it will not use for suing any open-source software distributor or developer, with the exception of using it for defense purposes.