In Learning Tree’s Cloud Security Essentials course we have been discussing Amazon’s two offerings for storage encryption for some time. Amazon’s S3 or Simple Storage Service deals with somewhat vague blobs of storage. A stored object could hold a single file, a bunch of files, whatever you want. An S3 object doesn’t look like a file system or a disk; it’s a simple storage container, just as its name suggests. It is possible to use S3 storage as if it were a file system or disk-like device, but if you really need that behavior their EBS or Elastic Block Storage is more what you want.
Amazon first came out with client-side encryption for S3 storage. Some customers were delighted, but many wanted Amazon to handle the details and make it more automatic and easy to use. So, server-side encryption followed.
Now Google has announced that “Google Cloud Storage now automatically encrypts all data before it is written to disk, at no additional charge. There is no setup or configuration required, no need to modify the way you access the service and no visible performance impact. The data is automatically and transparently decrypted when read by an authorized user.” As they say, this is in addition to the existing encryption for the disk-like Persistent Disks and Scratch Disks used with the Google Compute Engine. This announces the addition of encryption for the unstructured storage service.
Each Cloud Storage object has both data (the bulky contents) and metadata (relatively lightweight information about the bulk content), and they now automatically encrypt both of those. It’s not precisely stated in that referenced blog post, but it seems that each stored object is encrypted with AES using its own 128-bit key.
One Cloud Storage user would have a collection of stored objects, meaning a collection of keys. That set of keys, or key ring in the usual metaphor, is itself encrypted “with a regularly rotated set of master keys” in their description.
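The design just described (a unique 128-bit AES key per object covering both data and metadata, a key ring that holds those keys wrapped under a regularly rotated master key) is what is usually called envelope encryption. The following is an added example written for this post, not Google's code: the Store, Put, Get and RotateMaster names are this example's own assumptions, and AES-GCM is assumed as the mode since the announcement does not say which one is used. It goes a little beyond the text by showing that a master key rotation only re-wraps the key ring and never touches the bulk ciphertext, and that any tampering with stored ciphertext fails authentication on read.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Store: one user's bucket plus key ring; every object has its own 128-bit key (DEK).
type Store struct {
	master  []byte               // current master key; replaced by RotateMaster
	objects map[string][2][]byte // name -> {sealed data, sealed metadata}
	keyring map[string][]byte    // name -> the object's DEK, sealed under master
}

// must stops the program: a DEK that fails to unwrap means the ring is corrupt or tampered.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func random(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
// seal/open: AES-128-GCM, fresh 12-byte nonce prepended; open expects seal's output.
func gcm(key []byte) cipher.AEAD          { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func seal(key, pt []byte) []byte          { n := random(12); return gcm(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) { return gcm(key).Open(nil, ct[:12], ct[12:], nil) }
func NewStore() *Store { return &Store{random(16), map[string][2][]byte{}, map[string][]byte{}} }
// Put seals data and metadata under a fresh DEK and files the DEK in the ring under master.
func (s *Store) Put(name string, data, meta []byte) {
	dek := random(16)
	s.objects[name] = [2][]byte{seal(dek, data), seal(dek, meta)}
	s.keyring[name] = seal(s.master, dek)
}
// Get unwraps the DEK, then opens {data, metadata}; any tampering fails GCM auth -> err.
func (s *Store) Get(name string) (parts [2][]byte, err error) {
	dek, err := open(s.master, s.keyring[name])
	for i := 0; i < 2 && err == nil; i++ {
		parts[i], err = open(dek, s.objects[name][i])
	}
	return parts, err
}
// RotateMaster re-wraps every DEK under a new master; bulk object data is never touched.
func (s *Store) RotateMaster() {
	next := random(16)
	for name, wrapped := range s.keyring {
		s.keyring[name] = seal(next, must(open(s.master, wrapped)))
	}
	s.master = next
}
```

Get on an object name that was never stored would panic in open, which is a simplification of this example, not something a real service would allow.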
All these details sound good — unique per-object keys, analogous to session keys in communications; protection of the key ring; secure-by-default protection. I don’t know why they’re using AES-128 instead of AES-256, although 2^128 is a seriously large key space. And I think it’s quite safe to assume that they’re using AES in an appropriate mode, as this is so obvious that I can’t really imagine them getting that wrong.
As I say, these details sound good; I can’t argue with any of them on their own. But does this really mean that ordinary users are getting an improvement in their security? And can this hope to be compliant on its own?
At best, Google is simply following the path taken by Amazon when customers demanded a feel-good feature providing a false sense of security with no compliance. I’ll explain what I mean next week.