GarbleCloud is proud to announce the launch of our Encryption Key Management Service (GC-EKM) for Google Workspace Client-Side Encryption (GWS-CSE). In short, CSE enables you to apply a layer of protection for enhanced security and privacy to the most sensitive content your organization stores or generates in GWS applications. Once turned on, CSE encrypts (and decrypts) content on the client device so that only the user can see and modify the content. Neither Google nor a key-management service like GarbleCloud will have access to the content of the ‘client-side encrypted’ data. The cool thing is that despite such encryption (i.e., one that prevents even Google from accessing the content), most features and functionality of the GWS apps work as expected, making little to no difference in user productivity. This way, the customer gets the best of both worlds — all the benefits of GWS applications and top-notch security and privacy for their most sensitive data.
With CSE for Google Drive and Docs, you can now create encrypted google docs/sheets/slides right from your Google Drive ‘New’ prompt. Users can continue collaborating on encrypted google docs with minor changes in user experience. You can also encrypt other files like Microsoft Office documents, PDFs, JPEGs, MP4s, and many more. Each encrypted file or document has a unique AES-256-bit encryption key generated within your browser. These are the data-encryption keys (DEKs). The GC-EKM service then wraps each of these DEKs by your organization’s Master key (‘Key encryption Key’ or KEK), after which the wrapped DEKs are stored with the encrypted objects within the GWS applications themselves. Encrypted objects are seamless decrypted within the browser when you try to access them from within the various GWS applications later on.
CSE functionality continues beyond Google Drive and Docs. Now you can encrypt Google Calendar entries, Google Meet video calls, Gmail, and (soon) Google Chat messages. As a GWS admin, you can activate CSE for your entire domain or only a group of individuals. You must set up your ‘External Key Management’ service (such as GC-EKM) and an alternate ‘Identity Provider Service’ (IdP) from the admin panel. Then, turn ON the CSE for a chosen group of users and the set of GWS apps you want CSE activated for.
GC-EKM provides CSE admins with a dedicated console to manage the permissions for external sharing of encrypted content. The GC-EKM service also stores detailed logs for all operations on encrypted content for audit purposes and provides controls to manage the rotation of KEKs. More extensive key lifecycle management features that meet NIST 800-57 and FIPS 140-2 specifications will soon be available for enterprise customers. These capabilities will be invaluable for businesses in regulated industries looking to comply with stringent compliance regulations for their sensitive data in GWS applications.
If you are an organization on Google Workspace Enterprise Plus/Education-Plus/Education Standard, you can start using GWS CSE today. Try it and see how easy it is to use the most powerful data protection technology without breaking a sweat! Set up your CSE with GarbleCloud’s leading EKM service in minutes, and forget about data breaches or paying extra for compliance and third-party encryption products.
Drop us a line and we will contact you as soon as possible.