Google has announced that users will now be able to use bring-your-own-keys to encrypt compute resources, stating confidently that ‘security is at the core of Google’s architecture.’

Revealed in a company blog, company exec Leonard Law said: “Google Compute Engine already protects all customer data with industry-standard AES-256 bit encryption. Customer-Supplied Encryption Keys marries the hardened encryption framework built into Google’s infrastructure with encryption keys that are owned and controlled exclusively by you.

“You create and hold the keys, you determine when data is active or at rest, and absolutely no one inside or outside Google can access your at rest data without possession of your keys. Google does not retain your keys, and only holds them transiently in order to fulfill your request.”

Jacob Ginsberg, Senior Director at Echoworx, however, doubts that business’ data will be secured, although Google’s move does signal wider acknowledgment of data privacy. He said:

“Google’s recent announcement about offering its Compute Engine users their own encryption keys will only affect businesses that use Google to host custom applications. While it is a response to Microsoft’s comments that Google snoops, but it doesn’t change the fast that Google still has access to customer email data via Google Apps or Gmail.

“This move won’t keep the majority of business’ email or data secure. However, it does appear that in the face of recent controversy, the large players in the technology industry are taking notice regards people’s right to communicate privately.”

Rafael Laguna, CEO at Open-Xchange, shared this scepticism and indicated that Google has a long way to go in order to gain public trust over data.

“Google has no choice but to do this – customer-supplied encryption keys are the only way for the Internet giant to build trust in its Compute Engine and compete with Amazon, IBM and others. But this extra level of security and privacy has nothing to do with Google´s consumer or SMB offerings like Gmail, Google+, Google Docs and Google Apps – here it continues to collect and monetise data at the expense of its customers. Until it adopts a more privacy-first approach across all of its products, it still has a long way to go in gaining public trust.”