KMS for Google Workspace (CSE)

Google has a feature called Client-Side Encryption (CSE), that allows secure communication with external encryption keys. This means that you hold your own key (HYOK). 

By using this solution, it’s possible to encrypt data with private external keys for many Google services.

Client-Side Encryption (CSE) is an optional security feature available to users of Google Workspace. With CSE, data will be encrypted before it is stored on Google’s servers, using their own encryption keys.

This means that even if someone gains access to a user’s data, they won’t be able to read it without the encryption key held by the user.

CSE is designed to be easy to use, with encryption and decryption happening automatically in the background.

Google Workspace Client-side encryption is currently available for the following services:
Complior currently offers a KMS as a service powered by Thales CipherTrust Manager, protected by Thales HSM. This service is provided to our customers through secure data centers in Stockholm, Sweden.
CipherTrust Cloud Key Manager (CCKM), which is a licensed component of the CipherTrust Manager, provides key generation, separation of duties, reporting, and key lifecycle management to assist in fulfilling internal and industry data protection mandates. It is FIPS 140-2 Level 3 certified.

This solution enables organizations to:

Supported editions for this feature:

Supported editions for this feature: Enterprise; Education Standard and Education Plus. 

Learn more