Stormshield KMaaS 4.1 new features and enhancements

For information about the Google services supported by the Stormshield KMaaS (client-side encryption), refer to the section "Supported services and data types" in Google's documentation "About client-side encryption".

Support for Google Drive

With the Stormshield KMaaS, users can now encrypt confidential files in Google Drive and read them. This feature is available on Windows and macOS workstations, and on mobile iOS and Android devices.

Support for Gmail

Gmail messages and attachments can now be secured with the Stormshield KMaaS.

Support for Google Calendar

Google Calendar data can now be secured with the Stormshield KMaaS.

Support for customized access rules

The Stormshield KMaaS now supports the Open Policy Agent (OPA) technology, allowing administrators to create their own customized rules for access to the Stormshield KMaaS.

Migration of the KACLS

The Stormshield KMaaS is compatible with Google's new specifications regarding the migration from one encryption service (KACLS) to another, in particular allowing a mass migration in a single operation.

Identity provider

The local config.json configuration file now makes it possible to add several clientIDs for the user connection. Google applications configured locally will therefore be supported.

It is now possible to use OpenID JWKS (JSON Web Key Set) configurations to configure user identity providers.

Remote configuration file

Access to the remote configuration file .well-known/cse-configuration can now be disabled so that the local file can be used to validate user authentication.

Mass extraction and decryption of encrypted data

To ensure reversibility, you can now extract all encrypted data and decrypt all of it in a single action using the Google tool (currently in beta version) and the Stormshield KMaaS. Stormshield must first provide you with a specific configuration. Please note that in the beta version of the Google tool, only Gmail and Drive files can be used after decryption. Files from other Google Workspace applications are decrypted but not usable.

Compliance with RFC 7519

The Stormshield KMaaS is now compliant with RFC 7519 and supports multiple values for the "aud" field of the authentication token.
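
The audience check that RFC 7519 (section 4.1.3) describes, combined with the several client IDs mentioned under "Identity provider", can be sketched as follows. This is an added example, not Stormshield code: the client ID values and function names are constructed for illustration, and the token's signature, issuer and expiry are assumed to have been verified already.

```python
# Added example: RFC 7519 "aud" check against several accepted client IDs.
# ACCEPTED_CLIENT_IDS is constructed sample data, not a value from the product.
ACCEPTED_CLIENT_IDS = frozenset({
    "drive-client.example",
    "gmail-client.example",
})


class AudienceError(ValueError):
    """The "aud" claim is missing, malformed, or names no accepted client ID."""


def normalize_aud(claims):
    """Return the "aud" claim as a list of non-empty strings.

    RFC 7519 allows "aud" to be a single string or an array of strings.
    """
    if "aud" not in claims:
        raise AudienceError('token has no "aud" claim')
    aud = claims["aud"]
    if isinstance(aud, str):
        aud = [aud]
    if not isinstance(aud, list) or not aud:
        raise AudienceError('"aud" must be a string or a non-empty array')
    if not all(isinstance(v, str) and v for v in aud):
        raise AudienceError('"aud" entries must be non-empty strings')
    return aud


def check_audience(claims, accepted=ACCEPTED_CLIENT_IDS):
    """Return the accepted client IDs named in "aud"; raise if there are none."""
    # Exact, case-sensitive comparison: no prefix or substring matching.
    matched = [v for v in normalize_aud(claims) if v in accepted]
    if not matched:
        raise AudienceError("token is not intended for this service")
    return matched


def is_accepted(claims, accepted=ACCEPTED_CLIENT_IDS):
    """Boolean wrapper for callers that only need allow or deny."""
    try:
        check_audience(claims, accepted)
        return True
    except AudienceError:
        return False
```

A token is accepted as soon as one "aud" value matches a configured client ID; an empty array, a non-string entry or a near-miss value is rejected rather than ignored.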

HTTP proxy

If there is an HTTP proxy in your network environment, it can now be used to manage the external requests of the Stormshield KMaaS.

Cache

The Stormshield KMaaS now includes a cache for external requests (e.g., OpenID Connect, JWKS), which optimizes response time.

Logs

Some logs are now issued for the /health API route.