---

Google Workspace, formerly known as Google Apps and later G Suite, is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. It consists of Gmail, Contacts, Calendar, Meet and Chat for communication; Currents for employee engagement; Drive for storage; and the Google Docs Editors suite for content creation. An Admin Panel is provided for managing users and services. Depending on edition Google Workspace may also include the digital interactive whiteboard Jamboard and an option to purchase such add-ons as the telephony service Voice. The education edition adds a learning platform Google Classroom and today has the name Workspace for Education.

The company developed mechanism to increase the security of mail data served by the Workspace (Gmail) service, calling it Client-Side Encryption (CSE). The solution gives Workspace customers the opportunity to implement their own mail encryption system, so data is protected before it reaches Google servers. Once the customer has enabled this encryption option, all attachments, emails, and embedded images are encrypted. However, CSE does not encrypt items such as email headers, subjects, timestamps, and recipient lists. Google explains that with CSE, content encryption is handled directly in the customer’s browser before any data is uploaded or stored in the Google cloud. This way Google’s servers cannot access the encryption keys.

CSE differs in one important respect from end-to-end encryption. For CSE, customers use encryption keys that are generated and stored in a cloud-based key management service. Therefore, administrators can control the keys and see who has access to them, and can always revoke a user’s access to the keys. With E2EE encryption, administrators have no control over customer keys and who can use them. They also cannot see what content users have encrypted. Those testing this mechanism should note that it is disabled by default and can be enabled at the domain or group level. Only then can the user click on the padlock icon to add CSE encryption to any message.

Google Workspace Client-side encryption is currently available for the following services:

• Google Drive for web browser, Drive for Desktop (non-Google file formats only), and Drive on Android and iOS (view-only for non-Google file formats).
• Google Meet for web browser only. CSE support for the Meet mobile app and meeting room hardware will be available in a later release.
• Google Calendar (beta) for web browser only.

---

You can read more about CSE here.

Teknita has the expert resources to support all your technology initiatives.
We are always happy to hear from you.

Click here to connect with our experts!