The Hacker News
reports that Google is enabling client-side encryption on Google Workspace, allowing enterprises to directly control encryption keys as well as the identity service they use for accessing those keys.
“With client-side encryption, customer data is indecipherable to Google, while users can continue to take advantage of Google's native web-based collaboration, access content on mobile devices, and share encrypted files externally,” Google said in a statement.
Enterprise users of Google Workspace may choose the service partner that would store their encryption keys between Flowcrypt, Futurex, Thales, and Virtru – all of which offer Google-compatible access control and key management capabilities.
This way, the key that allows encrypted Google Workspace files to be deciphered is in the hands of the access service instead of Google, making it easier for groups that handle sensitive data such as financial information, health care records or intellectual property to comply with privacy rules.
Google also announced plans to enable enterprises to create their own key solutions by releasing the key access service API specifications that are compatible with client-side encryption later this year.