Client Side Encryption (CSE) is a key solution for ensuring that your cloud service provider cannot read the data you entrust to them. Data is encrypted and decrypted on the user’s workstation, before being sent to the cloud. In the case of SaaS services, the user’s web browser will generally perform these operations.

In the course of 2023, Google turned its attention to the implementation of CSE within its Google Workspace offering. Gradually, the CSE spectrum was extended to a growing number of Google services.

A growing range of services… and features

Two tools will be required before client-side encryption can be enabled on Google Workspace: an identity manager and an encryption key manager. Cosmian kms (Key Management System) takes care of your encryption keys. It includes standard interfaces for connection to both Google Workspace CSE and Microsoft 365 DKE. It is also compatible with all identity management solutions supporting the OIDC (OpenID Connect) protocol.

Cosmian kms keeps pace with developments in Google Client Side Encryption: encryption of Google Drive (Docs, Sheets, Slides), Google Meet conversations and Google Calendar, as well as S/MIME support within Gmail. More recently, guest management has been added, making it possible to share encrypted documents or conduct secure conversations with people outside the organization. Particular attention has been paid to migration functions, which will make it easier to switch from a third-party KMS to Cosmian’s.

Simple installation and limited impact on users

Cosmian kms is open source, auditable and verifiable. You’ll find it directly on the Google Cloud marketplace, enabling effortless deployment on hyperscaler infrastructures. Cosmian kms operates within a confidential virtual machine whose contents remain encrypted, even when loaded into the server’s RAM.

System administrators wishing to activate CSE within Google Workspace must first check that their organization has Enterprise Plus licenses. He will then deploy and configure identity and encryption key managers. Finally, he or she chooses which users have access to client-side encryption, and even which users must use it. Buttons linked to the specific functions introduced by CSE will then appear in the Google Workspace applications of the users concerned. The impact on users remains minimal, as does the need for support and training.

The Cosmian kms product stands out for simplifying S/MIME configuration. It lets you create key and identity pairs to configure S/MIME for different users in a single command. This simplification significantly reduces administrative effort while ensuring robust security.

Protect your data with native encryption integration for Google Workspace collaborative applications with Cosmian kms. Contact us for more information.