Protecting Your Data in Google Workspace with Client-Side Encryption
“We consistently hear from our customers that the privacy of their data is top of mind, which is why we’ve built state-of-the-art security and privacy-preserving technologies into our products”
Andy Wen Director, Product Management, Google Workspace Security
Self-determination over one's own data and the protection of personal information have become increasingly important in today's digital era. To address these concerns, concepts such as Hold Your Own Key (HYOK) and data protection with client-side encryption have grown in popularity. From a data privacy perspective, these concepts focus on giving individuals and organizations the ability to retain control over their own data and ensure that no one else, not even the service provider, has unauthorized access to sensitive information.
One of the fundamental principles behind HYOK is separation of duty, which means that the provider of a service should not have both the data and the key to it. By using client-side encryption, users can encrypt their data before it is sent to a cloud service like Google. This means that the data remains encrypted from the service provider, and only the user has the key to decrypt and access the information.
By implementing HYOK and maintaining control over their own key, users can achieve several benefits in terms of data protection and privacy. Firstly, it provides an extra level of security by preventing unauthorized access to the information, even if the security of the cloud service were to be compromised. Secondly, it gives the user stronger control over their own data and the ability to determine who can access it.
By prioritizing user privacy and control, HYOK and data protection with client-side encryption offer an effective way to address data privacy concerns in a time when digital threats and privacy breaches are increasingly common. By putting the user in control of their own data, it enables a heightened sense of security and confidence when using cloud services like Google.
Google Workspace: Protect Your Data with Your Own Key and Encryption
Google Workspace is a cloud service that offers a range of tools for collaboration, communication, and productivity. Many organizations use Google Workspace to store, share, and process their data in the cloud. But how secure is the data in Google Workspace? And who really has access to it?
This is where Client-Side Encryption (CSE) comes into play. CSE is a feature that allows users to encrypt their data on the client side before it is sent to Google Workspace. This means that the data is protected with a key that only the user controls. No one else, not even Google, can read or modify the data without the key.
“Client Side encryption gives you the ability to encrypt your data in a way that only you can read it. It's an extra layer of security that you can choose to add.”
CSE works with various types of data and services in Google Workspace, such as:
Drive: Users can encrypt files and folders on Drive. This applies to both personal and shared files. Encrypted files can still be opened and edited using Google Docs, Sheets, and Slides, but only by those who have access to the key.
Gmail: Users can encrypt emails with CSE before sending or receiving them. Encrypted emails can only be read by the recipient who has the key. No one else, including Google, can scan or analyze the content of the emails.
Meet: Users can encrypt video calls with CSE to protect their communication. Encrypted video calls can only be seen and heard by the participants who have the key. No one else, including Google, can record or monitor the video calls.
To protect data with client-side encryption in Google, organizations need an external Key Management Service (KMS) that generates and stores the keys. There are several options for services that create keys, but one of the best is Thales CipherTrust Manager. Complior is a Swedish provider that offers CipherTrust Manager (KMS) as a service from Thales. It is offered as a service that is integrated and ready for use with Google Workspace. With Complior, customers gain full control over their keys to Google and a guarantee that their key is stored in secure data centers in Stockholm, Sweden.
In summary, CSE is a powerful feature that enables organizations to protect their data in Google Workspace. With CSE, users can be confident that their data is theirs alone and belongs to no one else. To use CSE, users need a key management service that provides them with full control over their keys to Google.