What is Client-Side Encryption? Understand how Google Workspace client-side encryption works in 3 minutes!

Google Workspace customers often express that data privacy and security are their top priorities. They need to ensure that their company’s confidential information cannot be accessed by any third party, including Google or foreign governments. Client-side encryption (CSE) is an advanced privacy protection technology that ensures the confidentiality of customer data and allows customers to become the sole arbitrators of their data.

Google Workspace recently unveiled a partnership with Thales, a global leader in cybersecurity, offering a range of key service options for customers implementing CSE within Workspace. Furthermore, Google has entered strategic collaborations with Stormshield and Flowcrypt. These partnerships empower customers with choices to manage their encryption keys, ensuring data sovereignty and confidentiality.

What is client-side encryption?

Client-Side Encryption (CSE), through its encryption key mechanisms, adds an extra layer of data protection for enterprises. With control over the encryption key, neither server-side entities nor service providers can access the data. While Google Workspace encrypts data at rest and in transit using secure cryptographic libraries, client-side encryption ensures your complete authority over encryption keys and data access.

For instance, client-side encryption ensures that sensitive data within emails and attachments cannot be decrypted by Google servers. You retain control over the encryption keys and the identity service for accessing those keys. According to Google, this method of client-side encryption empowers users to handle the most sensitive data on mobile devices from anywhere, while adhering to compliance and regulatory requirements.

Google Workspace offers you choices and control over encryption keys

Google Workspace has adopted the latest cryptographic standards to encrypt all static data and services transmitted across its platform. Through Client-Side Encryption (CSE), Google Workspace ensures that enterprise customers exclusively own their encryption keys, elevating encryption capabilities to a new level. This grants customers complete control over their data access, preventing Google and other external parties from decrypting data. It adds an extra layer of data protection and control while allowing end-users to seamlessly continue using Google Workspace on web pages or applications without the need for additional actions or extensions.

• The client-side encryption application for Google Docs

Combined with the solutions from the aforementioned partners, client-side encryption can meet crucial needs of enterprises/organizations:

• To safeguard organizations utilizing sensitive intellectual property.
• To offer compliance support for highly regulated industries with ITAR, CJIS, TISAX, IRS 1075, and/or EAR requirements.
• To provide data sovereignty for organizations requiring demonstrative data control through encryption keys, which can be stored within specific locations, national borders, or any other defined boundaries.
• For export controls concerning government entities that require data encryption and keys inaccessible outside their borders.

How to begin using Google Workspace client-side encryption?

To utilize the client-side encryption feature, a subscription to Google Workspace and administrator settings are required. This functionality is not supported for non-enterprise or education subscription users. Applicable versions include Google Workspace Enterprise Plus, Google Workspace Education Plus, and Google Workspace Education Standard. The client-side encryption feature is initially disabled and administrators need to enable access through the CSE management interface.

Conclusion

Google Workspace is looking forward to the advanced data control services offered by new security partners. Leveraging Thales’ globally supported and validated platform, Stormshield’s growing influence in over 40 countries/regions, and Flowcrypt’s focus on EMEA, Google Workspace enterprise customers have the capability to meet compliance and data sovereignty needs in nearly every region.

If your organization hasn’t yet started using Google Workspace or is looking to upgrade its plan, you can contact Microfusion Technology, a Google Cloud Premier Partner. Microfusion provides exclusive pre-sales consulting and professional technical support after purchasing Google Workspace, resolving your concerns about data migration and various usage difficulties. Moreover, Microfusion Technology consistently offers customers the latest updates on Google Workspace, technology newsletters, and rich-themed online seminars/physical workshops. Feel free to fill out the contact form, allowing Microfusion Technology’s dedicated advisory team to guide your organization comfortably into the cloud!
This article is translated and adapted from the official Google Cloud blog.