Thales Supports Customer-Supplied Encryption Keys on Google Cloud

The nShield HSM "bring your own key" is now available for Google customers supplying keys.

February 14, 2017



RSA Conference, San Francisco, CA – Thales, a leader in critical information systems, cybersecurity and data protection, announces support for Google Cloud Platform’s Customer-Supplied Encryption Key (CSEK) functionality. Google Cloud Platform customers can now generate, protect, and supply their encryption keys to the cloud using an on-premise, FIPS-certified nShield hardware security module (HSM) from Thales. The new CSEK support empowers enterprise customers who want to move workloads and data to the Google Cloud Platform, but need to retain control of their key material on-premise.


Jon Geater, CTO at Thales e-Security says:

"While most enterprises want to take advantage of public clouds, some have requirements to generate and manage encryption key material on-premise. In introducing Customer-Supplied Encryption Keys, Google is allowing customers to implement a separation of duties as required. Customers using nShield HSMs and leveraging Google Cloud Platform can manage their keys from their own environments for use in the cloud, giving them greater control over how key material is generated."

Protected by FIPS 140-2 Level 3 certified hardware, nShield uses strong methods to generate keys based on nShield’s high-entropy random number generator. Following generation, nShield exports customer keys into the cloud for one-time use via Google’s Customer-Supplied Encryption Key functionality. Using this feature, keys are only stored in memory, and discarded by Google after use. Customers can also leverage nShield HSMs on-premise for key storage protection and resilient disaster recovery mechanisms, giving them greater control over their key lifecycle.

Many enterprises must meet strict security standards due to internal or regulatory compliance rules, which sometimes presents a barrier to cloud usage. Thales nShield support for Google’s Customer-Supplied Encryption Key allows them to adopt key management practices that strengthen their cloud security and subsequently helps them implement their compliance controls.

Thales nShield HSMs are FIPS 140-2 Level 3 certified, tamper-resistant devices. nShield HSMs are also Common Criteria certified and are recognized as Qualified Signature Creation Devices (QSCDs) under the European eIDAS requirements. Thales is a technology member of the Google Cloud Platform partner program.

About Thales e-Security

Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

About Thales

Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and Hong Kong.
