A compromised Google account provides access to all data this user has access to. Encrypting that data is an effective measure against data exfiltration, but managing the lifecycle of these keys over time, and at scale, is complex. In addition, it is a best practice to store encryption keys separated from the encrypted data. If left on the platform, Google can access the keys and data.
Organizations that value the privacy of their data because it contains valuable intellectual property or because they operate in highly regulated industries such as finance, defence, or government must take ownership of their encryption keys. Regulations such as the GDPR and the Schrems-II ruling also dictate that data owners must control their keys and store them separately from the encrypted data.
Google Workspace Client-Side Encryption (CSE) integrates directly with Fortanix Data Security Manager (DSM) as an External Key Manager (EKM) so customers have full control and ownership of their encryption keys, and therefore, their data. With this setup, customers can centrally store and manage encryption keys, outside of Google’s infrastructure to simply address compliance requirements such as retaining key custody, and segregating keys from data (GDPR/Schrems-II). With Fortanix DSM as an external KMS, customers can collaborate sensitive data using Google Docs and Google Drive, while neither Google nor Fortanix decipher the customers’ data.
Fortanix offers a wide range of encryption methods, so customers can easily transition to advanced algorithms such as AES-256, one of the most secure and quantum-resilient algorithms available now. Such strong encryption methods keep sensitive data safe for as long as is currently imaginable.
Easy to deploy, integrate, and control
Fortanix provides a centralized, SaaS-based key management service that allows organizations to quickly uplevel their data security and easily manage the lifecycle of the cryptographic keys for Google Workplace projects. Native Google Workspace integration enables a great end-user experience, while security teams can simply control the location and distribution of keys from a centralized and intuitive management interface.
EKM provides an additional layer of security for when users collaborate on sensitive data with Google Workspace, and storing such data on Google’s infrastructure. With Fortanix as an EKM, data remains protected under the organization's control even if the cloud infrastructure is compromised. The separation of the encryption keys from the data they protect reduces the risk of data breaches.
EKM eliminates the risks of compromised keys in a shared infrastructure with complete key custody, in contrast to using cloud-native key management. Neither Google nor Fortanix can access the encryption keys, proofing the solution from governmental subpoenas. Keys are never cached on Google cloud, and access can be revoked anytime. Security teams get detailed logs of key usage from each Google Workspace user. Using Fortanix as an EKM helps organizations meet compliance requirements such as HIPAA, PCI, GLBA, Schrems, and GDPR.