The never ending security and privacy threat posed to Cloud providers has led Google to let businesses create their own encryption keys.
The move will likely frustrate the UK government’s plans to increase law enforcement’s surveillance powers, but is it a hollow gesture?
The company hopes to build trust with its customers in response to Microsoft’s claims that the company snoops. Kevin Turner, COO, Microsoft, said: "We don’t read your email. We’re not listening to conversations in your house, driving cars up and down the street to do so."
However, what may make the introduction of encryption keys a hollow gesture is that it has nothing to do with its consumers or SMB offerings.
Rafael Laguna, CEO, Open Exchange, said: "Google has no choice but to do this – customer-supplied encryption keys are the only way for the Internet giant to build trust in its Compute Engine and compete with Amazon, IBM and others.
"But this extra level of security and privacy has nothing to do with Google´s consumer or SMB offerings like Gmail, Google+, Google Docs and Google Apps – here it continues to collect and monetise data at the expense of its customers.
"Until it adopts a more privacy-first approach across all of its products, it still has a long way to go in gaining public trust."
The company still has a long way to go before it can truly live up to its motto of, "Don’t be evil."
Where the company may be succeeding, is in causing problems for the UK government. The move will make the company incapable of decrypting data, even if it is ordered to.
This means that it will be a lot harder for external agencies to gain access to the data, law enforcement agencies would have to mount individual requests to each customer. This is something that would significantly slow down surveillance operations.
As Google’s trade is in collecting and essentially monetising your data, its position against UK and US surveillance plans could be seen as somewhat hypocritical.
Effectively, the company is saying that it is ok to use all your data to make money, but it’s not ok for it to be used to potentially stop crimes.
The company is one of a 140 companies that sent an open letter to President Obama to urge him to reject anti-encryption proposals.
Jacob Ginsberg, Senior Director, Echoworx, said: "This move won’t keep the majority of business’ email or data secure. However, it does appear that in the face of recent controversy, the large players in the technology industry are taking notice regards people’s right to communicate privately."
The uniting of the tech industry to battle security fears is something that Rackspace is also looking to do.
According to Brian Kelly, CSO, Rackspace, speaking to The Register, cloud companies need to come together to share information.
The idea of the group would mean that when one detects an attack or threat, the other members are made quickly aware of it so that the industry is better positioned to combat emerging threats.
A group that could include companies such as Intel, Dropbox, Google, Microsoft and AWS may be launched later this year.
Kelly, who recently spoke to CBR, highlighted a gap in the market which made it almost impossible for SMB’s to effectively combat security threats. With this in mind Rackspace appears to be aiming for a Security Operations Centre – as- a-Service initiative.
The whole interview with Kelly can be found here.