Google Encryption for Clouds

December 13th, 2017 by admin Leave a reply »

Largest cloud networks in the planet is operated by Google. It employs multiple techniques to keep the data secure. Company is now providing some insight about the encryption techniques.

Google, like others, uses Transport Layer Security (TLS) to encrypt connections for data in motion from external hosts to the Google Cloud. But Google has its own method for encrypting data connections within its own data centers. It is called Application Layer Transport Security (ALTS).

“We get a lot of customer questions about encryption, so we’re trying to build trust through transparency,” Maya Kaczorowski, Security and Privacy Product Manager at Google, told eSecurityPlanet.

Kaczorowski mentioned that when a user connects to the Google Cloud, by default the connection is encrypted with TLS. Google is making use of TLS 1.3, which is not yet an official IETF standard.

Container vendor Docker has a model similar for its Swarm orchestration technology called mutually authenticated TLS (mTLS).

“TLS uses X.509 certificates, while ALTS uses protocol buffers,” Kaczorowski said.

Kaczorowski said that Protocol Buffers are a language-neutral technology for serializing data.

“It’s not based in hardware, Protocol Buffers are just a way for storing and transmitting information,” Kaczorowski said.

Kaczorowski mentioned that BeyondCorp is all about how Google employees access internal applications and resources.

“With ALTS, what we’re talking about is how every service at Google can authenticate with each other,” Kaczorowski said.

Company is also working on the open-source Istio service mesh project for Kubernetes.

“Istio authentication automatically aims to encrypt data transit between services,” she said. “The concept is similiar to ALTS.”

“For encryption in transit we have encryption at the network layer (Layer 3) and at the application layer (Layer 7),” Kaczorowski said. “With encryption at rest we’re encrypting both at the storage device layer and at the storage system layer.”

“We want to have multiple layers that we can fall back on,” she said.


AlertSec ACCESS checks all computers and smartphones and detects all encryption types

Leave a Reply