Key Access Control List Service (KACLS)

The KACLS is a solution that allows corporate data managed in the Google Workspace ecosystem to be protected, edited and consulted. Google Workspace is Google’s cloud-based application suite for professionals. For more information, refer to the Google Workspace documentation.

The KACLS relies on Google Client Side Encryption (CSE), the end-to-end encryption method that Google offers for its Google Workspace applications. CSE is configured in the Google administration console. This technology is available only on Chrome or Microsoft Edge (Chromium) browsers. For more information on supported browsers, refer to the Browser requirements section of the Google Client Side Encryption documentation.

Google generates DEKs (Data Encryption Keys) to encrypt files. Before such keys are stored on Google servers, the Stormshield KMaaS wraps them using KEKs (Key Encryption Keys).

Stormshield KMaaS is installed in your on-premises or cloud-based infrastructure; KEKs are therefore stored on your side and are never sent to Google servers.

Before performing cryptographic operations, the KACLS first conducts a double verification:

  • Authentication: checks the identity of the user requesting the operation,
  • Authorization: checks the user’s access privileges for the file to encrypt/decrypt.

The KACLS generates logs for all the operations that it performs.
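The gate described above (authenticate, then authorize, then wrap or unwrap the DEK under a KEK that never leaves the service, logging every operation), shown as an added example that is not Stormshield's code. The token format, the HMAC check standing in for identity-provider signature verification, the in-memory ACL, and the standard-library XOR-plus-HMAC wrap standing in for a real key-wrap algorithm are all assumptions, and every name is hypothetical.

```python
import hashlib, hmac, logging, secrets

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("kacls-demo")

KEK = secrets.token_bytes(32)             # held by the key service only, never sent out
IDP_SECRET = b"constructed-idp-secret"    # stand-in for verifying an IdP-signed token
ACL = {"doc-1": {"alice@example.com"},    # constructed per-file access privileges
       "doc-2": {"alice@example.com"}}

class Denied(Exception):
    pass

def issue_token(user):
    """What the hypothetical identity provider would hand to the user."""
    return user + "." + hmac.new(IDP_SECRET, user.encode(), hashlib.sha256).hexdigest()

def _check(token, file_id, op):
    user, _, sig = token.rpartition(".")
    good = hmac.new(IDP_SECRET, user.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):   # 1. authentication
        log.warning("%s file=%s DENIED: authentication", op, file_id)
        raise Denied("authentication")
    if user not in ACL.get(file_id, set()):                    # 2. authorization
        log.warning("%s file=%s user=%s DENIED: authorization", op, file_id, user)
        raise Denied("authorization")
    log.info("%s file=%s user=%s OK", op, file_id, user)

def _pad(nonce, n):
    # Toy keystream derived from the KEK; a real service would use a standard key wrap.
    return hashlib.shake_256(b"enc" + KEK + nonce).digest(n)

def _tag(file_id, nonce, ct):
    # Binds the wrapped DEK to the file it was wrapped for.
    return hmac.new(KEK, b"mac" + file_id.encode() + nonce + ct, hashlib.sha256).digest()

def wrap(token, file_id, dek):
    _check(token, file_id, "wrap")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _pad(nonce, len(dek))))
    return nonce + ct + _tag(file_id, nonce, ct)

def unwrap(token, file_id, blob):
    _check(token, file_id, "unwrap")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(file_id, nonce, ct)):
        log.warning("unwrap file=%s DENIED: integrity", file_id)
        raise Denied("integrity")
    return bytes(a ^ b for a, b in zip(ct, _pad(nonce, len(ct))))
```

Only the wrapped blob would be stored alongside the file; an unwrap request with a forged token, a user outside the file's ACL, or a blob wrapped for a different file is refused and logged.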

NOTE
Any use of the solution other than as described in the documentation is not supported. If in doubt, get in touch with Stormshield Support for clarification.