According to their documentation:

Networks and subnetworks handle communication between instances and serve as a gateway between instances and other networks. A network is constrained to a single project; it cannot span projects. However, a project can have multiple networks.

From what I understand, as long as the instance doesn't have an external IP address with an open firewall, nobody can connect to it or intercept traffic other than an instance in my project. So I can send traffic between them without encrypting it. Do I understand it correctly?

  • Yes, theoretically in an internal subnet only you and Google know what's going on. There have been some [known sniffing attempts](https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html), especially if your instances are in different regions, but you probably shouldn't worry about this now. – Jedi Jun 22 '16 at 13:45
  • Are you saying Google stopped cooperating with PRISM? By the way, I'm not so worried about PRISM, because if I was, then sending encrypted is not going to help: Google can just get the private key from your SSD. I'm worried about other projects hosted on Compute Engine seeing the data. – elipoultorak Jun 23 '16 at 10:03

1 Answer

Cloud Platform services automatically encrypt data before it is written to disk. For example, the data for each Cloud Storage object is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. The same encryption and key management policies used for your data in Cloud Platform are used by many of Google's production services, including Google Docs, Gmail, and Google's own corporate data.

Because it’s linked to most ISPs in the world, Google’s global network helps to improve the security of data in transit by limiting hops across the public Internet. Cloud Interconnect and managed VPN allow you to create encrypted channels between your private IP environment on premises and Google’s network. This allows you to keep instances completely disconnected from the public internet while still reachable from your own private infrastructure.

– George
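The answer describes the at-rest scheme in two sentences: each object is encrypted under AES-256 with its own key, and that key is itself encrypted under a master key that is rotated regularly. The following Go program is an added illustration of that envelope pattern and is not code from the page, from Google, or from the answer's author. It assumes a toy in-memory `KeyRing` standing in for a KMS (real master keys live in an HSM), AES-256-GCM for both layers, and constructed sample data; the point it makes is that rotating or retiring a master key never requires re-encrypting the data itself, only re-wrapping the small per-object key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// gcmSeal encrypts plaintext with AES-GCM under a fresh random nonce.
// Output layout: nonce || ciphertext || tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; any modified byte makes the tag check fail.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Envelope is what would be stored beside an object: the data ciphertext
// plus the data-encryption key (DEK) wrapped under a versioned master key.
type Envelope struct {
	KEKVersion int
	WrappedDEK []byte
	Ciphertext []byte
}

// KeyRing is a hypothetical stand-in for a KMS: master keys (KEKs) by version.
type KeyRing struct {
	keks    map[int][]byte
	current int
}

func NewKeyRing() (*KeyRing, error) {
	kr := &KeyRing{keks: map[int][]byte{}}
	return kr, kr.Rotate()
}

// Rotate creates a new master key version; older versions remain so that
// envelopes wrapped under them can still be opened until they are re-wrapped.
func (kr *KeyRing) Rotate() error {
	kek := make([]byte, 32) // AES-256 master key
	if _, err := rand.Read(kek); err != nil {
		return err
	}
	kr.current++
	kr.keks[kr.current] = kek
	return nil
}

// Retire deletes an old master key version (never the current one).
func (kr *KeyRing) Retire(version int) {
	if version != kr.current {
		delete(kr.keks, version)
	}
}

// Encrypt: fresh 256-bit DEK per object, data under the DEK, DEK under the current KEK.
func (kr *KeyRing) Encrypt(plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(dek, plaintext, nil)
	if err != nil {
		return nil, err
	}
	wrapped, err := gcmSeal(kr.keks[kr.current], dek, []byte("dek"))
	if err != nil {
		return nil, err
	}
	return &Envelope{KEKVersion: kr.current, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the DEK under whichever KEK version the envelope names.
func (kr *KeyRing) Decrypt(env *Envelope) ([]byte, error) {
	kek, ok := kr.keks[env.KEKVersion]
	if !ok {
		return nil, fmt.Errorf("master key version %d has been retired", env.KEKVersion)
	}
	dek, err := gcmOpen(kek, env.WrappedDEK, []byte("dek"))
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, env.Ciphertext, nil)
}

// Rewrap moves an envelope to the current KEK; the data ciphertext is untouched.
func (kr *KeyRing) Rewrap(env *Envelope) error {
	if env.KEKVersion == kr.current {
		return nil
	}
	dek, err := gcmOpen(kr.keks[env.KEKVersion], env.WrappedDEK, []byte("dek"))
	if err != nil {
		return err
	}
	wrapped, err := gcmSeal(kr.keks[kr.current], dek, []byte("dek"))
	if err != nil {
		return err
	}
	env.KEKVersion, env.WrappedDEK = kr.current, wrapped
	return nil
}

func main() {
	kr, _ := NewKeyRing()
	env, _ := kr.Encrypt([]byte("constructed sample object")) // sample data
	_ = kr.Rotate()
	_ = kr.Rewrap(env)
	kr.Retire(1)
	pt, err := kr.Decrypt(env)
	fmt.Printf("version=%d plaintext=%q err=%v\n", env.KEKVersion, pt, err)
}
```

Rotation (`Rotate`) is cheap because it only adds a version; the expensive step for a storage system is walking every envelope and calling `Rewrap`, after which the old version can be retired. Tampering with either the wrapped key or the data ciphertext fails the GCM tag check, which is why the AAD label and the authenticated mode matter at both layers.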