Fortanix and Google Partner to Deliver Google Workspace Client-side Encryption (CSE)

Fortanix® Inc., the data-first multicloud security company, today announced that its Data Security Manager Platform (SaaS/ On-Prem) has been integrated with Google Workspace Client-side encryption (beta is available), a new privacy and confidentiality offering for Google Workspace users.

The partnership enables Google Workspace users to retain sole authority and control over the cryptographic keys for encrypting data and documents on Google Workspace with enhanced key management capabilities offered by Fortanix.

In the wake of rising adoption of cloud technologies and digitization, and a renewed focus on data security, the need to adhere to the associated regulatory compliance is increasing across every vertical and sector worldwide.

The pressure comes from not only regulatory bodies but also consumers. Moreover, with the surge in the number of workers opting for remote work and the majority of enterprises considering operating fully or partially remotely, businesses need solutions to facilitate seamless collaboration; and need to do so while meeting all regulatory and security requirements.

“In pre-pandemic times, businesses were more focused on managing front-end operations and logistics while remote working capabilities and digitization were considered good-to-have,” said Ambuj Kumar, CEO and co-founder of Fortanix. “Thus, less time, effort and money were spent on threat research, incident analysis and incident response.”

Fortanix Data Security Manager integrates with Google Workspace CSE and enables customers to manage their own keys by acting as an external key manager while moving their data to the cloud. Not only is the data undecipherable to Google, but the encryption keys are also never stored on Google servers.

The user has complete control over the authorization of Google Workplace data and keys — backed by FIPS 140-2 Level 3 Hardware Security Modules.

Users also get to define and control policies for Google Workspace Key Encryption Key (KEK) from their Fortanix DSM (On Prem/ SaaS) account. Upon receiving the file, the corresponding data encryption key is decrypted using customer-provided keys only after authenticating the user with customer-controlled authentication.

“HSMs are traditionally looked upon as security boxes that have to sit nicely within the office premises. We’re upping the ante with Fortanix DSM SaaS, said Kumar. “Through our partnership with Google Workspace Client-side encryption, Fortanix is offering FIPS 140-2 Level 3 hardware-based protection, with complete separation between users and regions as needed, and many more security features to protect your Google Workspace keys and data — on the go, on any device, anywhere in the world.”

Watch this webinar that dives deeper into Google Workspace security best practices and showcases the value and mobility that Fortanix DSM SaaS brings to the table.

About Google Workspace Client-Side Encryption

Google Workspace Client-side encryption (CSE) enables users to use their own encryption keys to encrypt their organization’s data instead of using the encryption that Google Workspace provides. With Google Workspace Client-side encryption, file encryption is handled in the client’s browser before it’s stored in Google Drive’s cloud-based storage.

That way, Google servers can’t access user’s encryption keys and, therefore, can’t decrypt their data. To use CSE, users will need to connect Google Workspace to an external encryption key service and an identity provider (IdP). 

About Fortanix:

Fortanix® is a data-first multicloud security company solving the challenges of cloud security and privacy. Data is the most precious digital asset of businesses, but this data is spread across clouds, SaaS, applications, storage systems, and data centers. Security teams struggle to track, much less secure it. Fortanix empowers customers to secure all this data with a centralized solution. Its pioneering Confidential Computing technology means data remains protected at-rest, in-motion, and in-use, keeping it secure from even the most sophisticated attacks.