Jump to Content
Public Sector

Stronger privacy control for the public sector with client-side encryption

June 24, 2022
Guelnoji Njetein

Product Manager, Client Side Encryption, Google Cloud

Stronger privacy control for the public sector with Client-side encryption

 Government agencies regularly work with sensitive data, such as financial data, personally identifiable information, or proprietary information. Handling this data requires agencies to meet confidentiality and compliance requirements. At the same time, agencies don't want to compromise on the collaboration experience they provide to their employees. 

Control confidentiality of your data through encryption keys 

Encryption is an important technical control that limits a cloud provider’s access to customer data. Google Workspace already uses the latest cryptographic standards (Advanced Encryption Standard) to encrypt all data at rest and in transit between our facilities.

With client-side encryption, Google Workspace is going a step further by letting agencies retain complete confidentiality and control over their data by choosing how and where their encryption keys are stored. This can mean storing encryption keys within the borders of a specific country, hosting them in a separate cloud or on-premise to restrict access as narrowly as within a single local area network. At the same time, agencies can enable their users to connect securely from any approved device at any time to access Google Workspace without the need for legacy desktop clients. With these additional controls, users can still collaborate on shared documents in a manner similar to what they are accustomed to.

Here's how it works

Agency teams choose how and where to store their encryption keys either managing this themselves or through a trusted third-party. Then, they connect Google Workspace to their key service and enable client-side encryption for their organization.  They also have the flexibility to enable it for specific users, organizational units or shared drives. After that, users can create new encrypted documents, spreadsheets, or presentations inside Google Drive. 

Creating an encrypted document is easy. Simply select which type of document you’d like to create and choose “Blank encrypted document” from the menu. Client-side encryption is currently available for Google Docs, Sheets, Slides, and other file type supported by Google Drive such as Office or PDF. Other Google services, including Gmail, Google Calendar and Meet, will have client-side encryption at a later release. 

Client-side encryption
Easily create encrypted documents, spreadsheets, or presentations inside Google Drive

Users can also upload existing sensitive documents in Google Drive while preserving complete confidentiality. Users who need to view or edit an encrypted document can do so with any Google Workspace account, without compromising security and confidentiality. When an encrypted document is shared via Google Drive, the customer key service ensures only authorized and authenticated users can open the document.

Share and collaborate encrypted documents with authorized team members

Get Google Workspace collaboration experience with customer controlled keys today

At Google Cloud, we remain committed to equipping our customers with powerful technical solutions that keep our users safe, their data secure, and their information private. To learn more about security and compliance features, including client-side encryption, register for our Google Workspace for Government Demo Series. The series features nine demo-based training videos that showcase admin and end user tools helping government organizations stay secure and productive.

Posted in