Google security support

nShield HSM “bring your own key” now available for Google customers supplying keys.

  • 7 years ago Posted in
Thales announces support for Google Cloud Platform’s Customer-Supplied Encryption Key (CSEK) functionality. Google Cloud Platform customers can now generate, protect, and supply their encryption keys to the cloud using an on-premise, FIPS-certified nShield hardware security module (HSM) from Thales. The new CSEK support empowers enterprise customers who want to move workloads and data to the Google Cloud Platform, but need to retain control of their key material on-premise.
 
 
Jon Geater, CTO at Thales e-Security says:
“While most enterprises want to take advantage of public clouds, some have requirements to generate and manage encryption key material on-premise. In introducing Customer-Supplied Encryption Keys, Google is allowing customers to implement a separation of duties as required. Customers using nShield HSMs and leveraging Google Cloud Platform can manage their keys from their own environments for use in the cloud, giving them greater control over how key material is generated.”
 
Protected by FIPS 140-2 Level 3 certified hardware, nShield uses strong methods to generate keys based on nShield’s high-entropy random number generator. Following generation, nShield exports customer keys into the cloud for one-time use via Google’s Customer-Supplied Encryption Key functionality. Using this feature, keys are only stored in memory, and discarded by Google after use. Customers can also leverage nShield HSMs on-premise for key storage protection and resilient disaster recovery mechanisms, giving them greater control over their key lifecycle.
 
Many enterprises must meet strict security standards due to internal or regulatory compliance rules, which sometimes presents a barrier to cloud usage. Thales nShield support for Google’s Customer-Supplied Encryption Key allows them to adopt key management practices that strengthen their cloud security and subsequently helps them implement their compliance controls.
 
Thales nShield HSMs are FIPS 140-2 Level 3 certified, tamper-resistant devices. nShield HSMs are also Common Criteria certified and are recognized as Qualified Signature Creation Devices (QSCDs) under the European eIDAS requirements. Thales is technology member of the Google Cloud Platform partner program.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...