The company’s new Cloud Key Management Service (KMS) will let companies manage their encryption keys on the Google Cloud Platform. Businesses of all sizes must encrypt their data both where it is stored and when it is being moved across a network in the face of myriad security threats. To unlock that data for viewing of processing, a user will need encryption keys, which are sort of like super passwords but much harder to crack.
KMS, now in preview, will let customers keep encryption keys for data stored in Google—or anywhere else—on the Google cloud, Jennifer Lin, director of product management for cloud security tells Fortune.
Google already manages server-side encryption keys for customers who store data in its cloud. But now those who want to manage their own keys can opt for this new service.
In 2015, Microsoft (MSFT) launched Azure Key Vault, a similar service for its public cloud. Amazon (AMZN) Web Services, the largest and oldest of the public clouds, has offered a key management service since 2014 that lets customers store and manage their keys both in the Amazon cloud and on premises.
AWS, Azure, and Google Cloud Platform are seen as the three largest public cloud providers. These companies have aggregated massive pools of servers, storage, and networking in data centers around the world and sell that shared capacity to businesses wanting to cut their own data center costs.
Get Data Sheet, Fortune’s technology newsletter.
Google KMS, which is tied into two previously announced Google’s existing Cloud Identity Access Management and Cloud Audit Logging services.
Google enterprise chief Diane Greene has repeatedly asserted that Google’s data centers are far safer from physical threat than other data centers and that Google’s personnel see so much Web traffic they have a good idea of where threats originate.
For more on Google’s cloud, watch:
Customers, regardless of size have to utilize and constantly update their security stance in the face of changing threats. “There is no one ring to rule all rings,” says Garrett Bekker, principal security analyst at 451 Research.
That means companies have to encrypt data no matter where it is or where it’s going, and then protect the encryption keys at all costs. Google is taking an important step in this direction.