Stormshield KMaaS 4.4.0 new features and enhancements
For information about the Google services supported by the Stormshield KMaaS (client-side encryption), refer to the section Which services CSE supports in the Google documentation About client-side encryption.
Environment
Deployment via a Docker image
In addition to the traditional RPM-based installation, it is now possible to install using a Docker image.
New requirements for installation in RPM mode
The Stormshield KMaaS now requires RedHat Enterprise 8.10 or 9 to be installed.
Gmail message encryption
The Stormshield KMaaS now supports the SHA512withRSA algorithm for key encryption for Gmail.
Support for Google features
Google Drive and external users
The Stormshield KMaaS is now compatible with the Google Guest access feature. This enables users outside your company to access your encrypted content on Google Drive. To do this, you must configure a dedicated identity provider for Google Drive Guest users and add it to the list of authorized providers in the config.json file, section tenants > user_authentication > idps.
For more information, refer to the Google documentation.
Mass import of files to Google Drive
The Stormshield KMaaS now supports the mass importing of sensitive data into Google Drive. Data imported from third-party storage are encrypted by the Stormshield KMaaS in Google Drive. See an example on GitHub googleworkspace.
This Beta feature is currently under development at Google.
For more information, refer to the Google documentation and contact Google Support.
SDS CryptoAPI
The new SDS CryptoAPI feature provides two API routes, crypto/encrypt and crypto/decrypt, which enable data to be encrypted and decrypted, completely independently of Google.
You can write OPA rules for the CryptoAPI in dedicated files.
SDS CryptoAPI is currently in its alpha version. Stormshield does not guarantee that it will be possible to decrypt data encrypted with this version with a later version of the feature.
Support for Google Meet hardware
The new delegation feature enables a user to delegate their authentication to join an encrypted Google Meet conference from a room with Meet hardware. This feature is in alpha version.
Logs
Business operations logs (kind:domain)
- Generation of authentication tokens for delegation (cse category - delegate action)
- Key management as a service (kmaas category)
- Queries concerning KEK keys (kek category)
- Validation of authorization tokens (authorization category)
- Validation of authentication tokens (authentication category)
Logs of operations related to the environment (kind:system)
- Web server related operations (server category)
- Key Management System operations (kms category)