Thursday, March 31, 2022

Stronger data security and privacy with Google Workspace Client-side encryption, GA support for Drive, Docs, Sheets, and Slides

 What’s changing 

Last year we announced the beta for Google Workspace Client-side encryption. Now, this feature is generally available for Google Drive, Docs, Sheets and Slides, with support for multiple file types including Office files, PDFs, and more. 
This is a step in our commitment to enable Client-side encryption across Google Workspace, including Gmail, Meet, and Calendar. Follow the Google Workspace Updates blog to be informed on our next milestones on Client-side encryption. 

Who’s impacted 

Admins 

Why it’s important 


Google Workspace already uses the latest cryptographic standards to encrypt all data by default, at rest and in transit between our facilities. Client-side encryption goes beyond this, giving you authoritative control and privacy as the sole owner of private encryption keys and the identity provider used to access those keys. 
This can help you strengthen the confidentiality of your sensitive or regulated data while addressing a broad range of data sovereignty and compliance needs. 
When using Client-side encryption, your data is indecipherable to Google. You can create a fundamentally stronger privacy posture, whether that’s to help your organization comply with regulations like ITAR and CJIS or simply to better protect the privacy of your confidential data. 
Read our announcement blog post to learn our plans for Client-side encryption across Google Workspace.

Additional details 

To enable Client-side encryption, you’ll choose a key access service partner: Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru. Each of these partners have built tools in accordance with Google’s specifications and provide both key management and access control capabilities. Your partner of choice either holds the key to decode encrypted Google Workspace files or simply provides you with software that allows you to hold the keys on-premise. Either way, Google cannot decipher these files without this key, which Google never has access to. You can also decide to build your own key service implementation using our API specifications


Client side encryption



Getting started 

Rollout pace 

Availability 

  • Available to Enterprise Plus and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.  

Resources