Getting started
Stormshield Key Management as a Service (KMaaS) is a solution for protecting, editing and consulting corporate data managed in the Google Workspace ecosystem. Google Workspace is Google's cloud-based application suite for professionals. For more information, refer to the Google Workspace documentation.
The KACLS component of the Stormshield KMaaS relies on Google Client Side Encryption (CSE), the end-to-end encryption method that Google offers for its Google Workspace applications. CSE is configured in the Google administration console. This technology is available only on Chrome browsers. For more information, refer to the Google Client Side Encryption documentation.
Google generates DEKs (Data Encryption Keys) to encrypt files. These keys are then encrypted by the Stormshield KMaaS using KEKs (Key Encryption Keys) before being stored on the Google servers. For more information, refer to the Google documentation on encryption operation.
The Stormshield KMaaS is installed in your Cloud infrastructure: KEKs are never transmitted to the Google servers.
Before performing cryptographic operations, the KACLS first conducts a double check:
- Authentication: checks the identity of the user requesting the operation,
- Authorization: checks the user’s access privileges for the file to encrypt/decrypt.
The KACLS generates logs for all the operations that it performs.
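The flow described above, as an added example that is not Stormshield or Google code: a simplified key service wraps a DEK under a KEK that never leaves it, runs the authentication and authorization checks before every operation, and logs each request. The token table, the ACL, the function names, the use of AES-256-GCM and the binding of the wrapped key to the file name are assumptions made for this example.

```javascript
// Added example: simplified model of a key service; all names are hypothetical.
const crypto = require("node:crypto");

const KEK = crypto.randomBytes(32); // generated and kept inside the key service
const auditLog = [];                // one entry per request, allowed or denied

// Constructed sample data standing in for the identity provider and file ACLs.
const sessions = new Map([["tok-alice", "alice@example.com"], ["tok-bob", "bob@example.com"]]);
const acl = new Map([
  ["doc-1", new Set(["alice@example.com"])],
  ["doc-2", new Set(["alice@example.com"])],
]);

// The double check: identity first, then access rights on the file.
function gate(op, token, resource) {
  const user = sessions.get(token);
  const allowed = user !== undefined && (acl.get(resource)?.has(user) ?? false);
  auditLog.push({ op, user: user ?? null, resource, allowed });
  if (!allowed) throw new Error(user ? "forbidden" : "unauthenticated");
}

// Encrypt a DEK under the KEK; only the wrapped blob is returned to the caller.
function wrap(token, resource, dek) {
  gate("wrap", token, resource);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", KEK, iv);
  cipher.setAAD(Buffer.from(resource)); // bind the wrapped key to its file
  const ct = Buffer.concat([cipher.update(dek), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Recover the DEK; fails if the blob was altered or wrapped for another file.
function unwrap(token, resource, wrapped) {
  gate("unwrap", token, resource);
  const buf = Buffer.from(wrapped, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", KEK, buf.subarray(0, 12));
  decipher.setAAD(Buffer.from(resource));
  decipher.setAuthTag(buf.subarray(12, 28));
  return Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]);
}
```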
NOTE
Using the solution in any way other than as described in the documentation is not supported. If in doubt, get in touch with Stormshield Support for clarification.
This guide describes how to deploy the KACLS as a SaaS solution. To implement the solution on site, contact your Stormshield sales representative.