Jump to Content
Product Announcements

More choice in Google Workspace with new client-side encryption partners

November 1, 2023
Johney Burke

Senior Product Manager, Google Workspace

Google Workspace Newsletter

Keep up with the evolving future of work and collaboration with insights, trends, and product news.


At Google Workspace, we consistently hear from our customers that the privacy of their data is top of mind, and that they need to ensure their confidential data cannot be accessed by any third party, including Google or foreign governments. Client-side encryption (CSE) is a state-of-the-art privacy-preserving technology that keeps customer data private and allows the customer to be the sole arbiter of their data.

We are delighted to announce that Google has now partnered with global data security leader, Thales, to provide customers with a variety of key service options when they enable CSE in Workspace. In addition, Google has launched strategic partnerships with Stormshield and Flowcrypt, who also provide options for customers to manage their own encryption keys and help keep their data sovereign and confidential.

Helping provide choice and control over your encryption keys

Workspace already encrypts data at rest and in transit by using secure-by-design cryptographic libraries. CSE takes this encryption capability to the next level by helping to ensure that customers have sole possession of their encryption keys — and thus complete control over access to their data, which can make it indecipherable to Google and other external entities. This can enable an additional layer of data protection and control while allowing end users to continue using their favorite Workspace apps on the web or mobile apps without special agents, extensions, or legacy desktop clients. 

Client-side encryption in action in Google Docs

With new key service solutions from partners like Thales, Stormshield, and Flowcrypt, customers can maintain granular data control and localize their encryption keys per region. For example, Thales’ globally supported CipherTrust Data Security Platform can be used to encrypt data in Gmail, Google Drive, Docs, Sheets, Slides, Calendar, and Meet for a given region. 

Client-side encryption, when combined with our partners solutions, can help organizations address a number of important needs:

  • Confidentiality for organizations working with sensitive intellectual property. 
  • Compliance support for organizations in highly-regulated industries that have ITAR, CJIS, TISAX, IRS 1075, and/or EAR requirements.
  • Data sovereignty for organizations needing demonstrative data control via encryption keys that can be held at a specific site, within a nation’s borders, or any other defined boundary. 
  • Export control for public sector organizations that need to ensure data is encrypted and the keys are inaccessible outside their country’s borders.

Learn more

We are excited about these new partnerships and the data control options they offer our customers. With Thales’ global support and proven platform, Stormshield’s growing presence in 40+ countries, and Flowcrypt’s focus on EMEA, Google Workspace customers are well equipped to help meet their compliance and sovereignty needs in virtually every region.

You can learn more about CSE by watching our Cloud Next ‘23 session and reading our technical documentation.

Posted in