Gives users full control over storage data scrambling.
Google Compute Engine customers will now be able to use their own digital encryption keys to protect information stored on the cloud platform, after the IT giant marked the feature as generally available.
Although storage in Google's cloud is scrambled by default, the customer-supplied encryption keys (CSEK) feature provides customers full control over Compute Engine disk encryption.
CSEK means nobody other than the customer will be able to access the scrambled data on the disks, as Google does not hold a copy of the key, apart from a short transient moment to fulfill Compute Engine requests such attaching disks or spinning up virtual machines.
Conversely, if customers lose their CSEKs, there is no way for Google or anyone else to recover the data. Read more >