Google this week announced the introduction of client-side encryption in Google Workspace, which is meant to provide users with control over the encryption keys used to keep their data safe.
Google’s collaboration and productivity solution was already encrypting data, both when at rest and in transit, but the new feature is meant to provide additional control and ease of mind over the security of data.
In addition to increasing the confidentiality of data, the feature also helps customers meet sovereignty and compliance requirements, as it also offers control over the identity service used to access the encryption keys.
“With Client-side encryption, customer data is indecipherable to Google, while users can continue to take advantage of Google’s native web-based collaboration, access content on mobile devices, and share encrypted files externally,” the Internet giant notes.
Organizations that store sensitive or regulated data (including financial data, healthcare records, and intellectual property) will benefit the most from the new feature, which helps them meet compliance requirements for CJIS, EAR, IRS 1075, ITAR, and TISAX.
Client-side encryption works with key access service partners Flowcrypt, Futurex, Thales, and Virtru, which will be responsible for holding the key to decode Google Workspace data. However, organizations will also be able to build or integrate in-house key services. Google will publish key access service API specifications later this year.
In the coming weeks, Client-side encryption will become available in beta for Google Workspace Enterprise Plus and Education Plus customers, and will support Google Docs, Drive, Sheets, and Slides.
Furthermore, Google is getting ready to provide administrators with additional choices regarding the sharing of files, courtesy of trust rules for Drive. The feature will be rolling out in beta in the coming months, for Enterprise and Education Plus customers.
Now available in Google Workspace is Drive labels, which allows users to classify the files stored in Google Drive, so that they are handled correctly. The feature is integrated with Google Workspace’s data loss prevention (DLP) capabilities, so that admins can set retention policies. Files can also be automatically classified, based on admin-defined DLP rules.
Currently in beta, the Drive labels feature has been released for Google Workspace Business Standard, Business Plus, Enterprise, Education Standard, and Education Plus customers.
In the coming weeks, Google Workspace administrators will have the option to implement phishing and malware protection for content within their organizations, the Internet giant announced.