Google said it will encrypt data warehoused in its Cloud Storage service by default.
The server-side encryption is now active for all new data written to Cloud Storage, and older data will be encrypted in the coming months, according to Dave Barth, a Google product manager.
"If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," Barth said. "We manage the cryptographic keys on your behalf using the same hardened key management systems that Google uses for our own encrypted data, including strict key access controls and auditing."
The data and metadata around an object stored in Cloud Storage is encrypted with a unique key using 128-bit Advanced Encryption Standard algorithm, and the "per-object key itself is encrypted with a unique key associated with the object owner," Barth said.
"These keys are additionally encrypted by one of a regularly rotated set of master keys," he said. "Of course, if you prefer to manage your own keys then you can still encrypt data yourself prior to writing it to Cloud Storage."
Data collection programmes revealed by former US National Security Agency contractor Edward Snowden have raised questions about US government data requests made to internet companies such as Google for national security investigations.
A Google spokeswoman said the company does not provide encryption keys to any government and provides user data only in accordance with the law.
"Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don't follow the correct process," she said. "When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network."