![]() ![]() ![]() It’s probably an exaggeration to say Google’s CSE gives customers “sole control” of their encryption keys. “Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys-and thus complete control over all access to their data.” ![]() “Workspace already encrypts data at rest and in transit by using secure-by-design cryptographic libraries,” Ganesh Chilakapati, Google’s group product manager for Google Workspace, and Andy Wen, director of product management for Google Workspace security, wrote. Starting on Tuesday, Google is rolling it out to customers of Gmail and Calendar Workspace. This provides an incremental benefit since the data will remain unreadable to any malicious Google insiders or hackers who manage to compromise Google servers.Ībbreviated as CSE, client-side encryption was already available for Google Drive, Docs, Slides, Sheets, and Meet for users of Google Workspace, which the company sells to businesses. The data can only be decrypted on an endpoint machine with the same key used by the sender. Data is encrypted on the client device before being sent (by HTTPS) to Google. Google’s client-side encryption occupies a middle ground between the two. (To be clear, the data is sent encrypted through HTTPS, but it's decrypted as soon as Google receives it.) With server-side encryption, by contrast, the client device sends the data to a central server, which then uses keys in its possession to encrypt it while it’s stored. On Tuesday, Google made client-side encryption available to a limited set of Gmail and Calendar users in a move designed to give them more control over who sees sensitive communications and schedules.Ĭlient-side encryption is a generic term for any sort of encryption that’s applied to data before it’s sent from a user device to a server. ![]()
0 Comments
Leave a Reply. |