Getting started

The SDS encryption service for Google Workspace is a solution in which corporate data managed in the Google Workspace ecosystem can be protected, edited and consulted. Google Workspace is Google’s cloud-based application suite for professionals. For more information, refer to the Google Workspace documentation.

The SDS encryption service for Google Workspace relies on Google Client Side Encryption (CSE), the end-to-end encryption method that Google offers for its Google Workspace applications. CSE is configured in the Google administration console. This technology is available only on Chrome browsers. For more information, refer to the Google Client Side Encryption documentation.

Google generates DEKs (Data Encryption Keys) to encrypt files. These keys are also encrypted by the SDS encryption service for Google Workspace using KEKs (Key Encryption Key) before being stored on the Google servers. For more information, refer to the Google documentation on encryption operation.

The SDS encryption service for Google Workspace is installed in your Cloud infrastructure: KEKs are never transmitted to the Google servers.

Before performing cryptographic operations, the SDS encryption service for Google Workspace first conducts a double check:

• Authentication: checks the identity of the user requesting the operation,
• Authorization: checks the user’s access privileges for the file to encrypt/decrypt.

The SDS encryption service for Google Workspace generates logs for all the operations that it performs.

NOTE
The use of the solution in any way other than as described in the documentation is not managed. Alternatively, get in touch with Stormshield Support for clarification.

This guide describes how to deploy the SDS encryption service for Google Workspace as an SaaS solution. To implement the solution on site, contact your commercial referent Stormshield.