Stormshield Data Security for Google Workspace is a solution in which corporate data managed in the Google Workspace ecosystem can be protected, edited and consulted. Google Workspace is Google’s cloud-based application suite for professionals. For more information, refer to the Google documentation
SDS for Google Workspace relies on Google Client Side Encryption (CSE), the end-to-end encryption method that Google offers for its Google Workspace applications. CSE is configured in the Google administration console. This technology is available only on Chrome browsers.
Google generates DEKs (Data Encryption Keys) to encrypt files. Before such keys are stored on Google servers, SDS for Google Workspace wraps them using KEKs (Key Encryption Keys).
SDS for Google Workspace is installed in your on-premise or cloud-based infrastructure; KEKs are therefore stored with you and never sent to Google servers.
Before performing cryptographic operations, SDS for Google Workspace first conducts a double verification:
- Authentication: checks the identity of the user requesting the operation,
- Authorization: checks the user’s access privileges for the file to encrypt/decrypt.
SDS for Google Workspace generates logs for all the operations that it performs.