Google Client Side Encryption (CSE)

Overview

Google’s Client-Side Encryption (CSE) is a security feature that allows organizations to enhance the privacy and security of their data stored in Google Workspace applications by encrypting the data within their own environment, ensuring that only the organization holds the keys to decrypt it.

Key Features

  • End-to-End Data Protection: CSE ensures that data is encrypted before it reaches Google’s servers. This means Google cannot access the content, as the encryption keys are held exclusively by the organization.
  • Zero-Knowledge Model: Google cannot decrypt or access the encrypted data because it does not hold the encryption keys, enhancing data privacy.
  • User-Managed Keys: A trusted third party (in this case Cogito Group) maintains the encryption keys, offering better control over who can access sensitive data.
  • Data Security Compliance: Helps meet stringent data privacy regulations and compliance requirements, such as GDPR, CCPA, and others.

Supported Workspace Services

  • Google Drive: Encrypts documents, spreadsheets, presentations, and other types of files.
  • Google Meet: Ensures that meeting data, including audio and video content, is protected with client-side encryption.
  • Google Calendar (beta): Enables organizations to encrypt event details to prevent unauthorized access.
  • Google Docs, Sheets, and Slides: Provides client-side encryption for collaborative documents, protecting content even during editing and sharing.

Google Customer-Supplied Encryption Keys (CSEK) is a feature that allows organizations to use their own encryption keys to protect data stored in Google Cloud Platform (GCP). This feature offers an additional layer of control and security, ensuring that organizations retain control over data access by managing their encryption keys externally.

Key Features

  • Full Control Over Keys: Organizations provide and manage their own encryption keys, granting them exclusive control over the data encryption process.
  • Enhanced Data Security: Adds a layer of security by enabling data encryption with a key that only the customer can access, ensuring that Google does not have the ability to decrypt the data.

Supported GCP Services

  • Google Cloud Storage: Store and manage encrypted data with keys supplied by the customer.
  • Compute Engine: Use CSEK for data stored on persistent disks and snapshots.
  • Cloud Storage Buckets: Encryption of objects within buckets can be managed using CSEK.
  • BigQuery: Manage encryption of data within BigQuery using customer-supplied keys.
