Sensitive customer data, creating content being increasingly stored and shared using Google Drive. Risk of data leakage, and unwanted sharing is deemed too great.
Company has been using G Suite for a few years and all sorts of unstructured content is being uploaded to Google Drive by employees and partners.
Their IT is interested in encrypting all content in Google Drive.
On-prem they have a solution for file-system encryption from Thales but that does not help with protecting the content that is moving to the cloud.
They want to bulk encrypt all user-generated content in Google Drive accounts in their domain to protect them leaking in case of account compromise.
However, they want to retain the ability to inspect encrypted files using their prevalent DLP solution — users should not be able to upload/exfiltrate undesirable/sensitive content by employing encryption and thus making content opaque to DLP. Therefore, we needed to figure out how to allow the DLP solution to examine the file content in spite of encryption.
They have high-turnover, so they want to ensure continuity of access to their encrypted content even after an employee leaves the company.
The implementation to support their cloud-DLP solution with GC is currently ongoing. Once testing is done, GC will be rolled out for their 600 strong employee-base.