What’s changing 

Earlier this year, we announced the beta for Google Workspace Client-side encryption, specifically for Google Drive, Docs, Sheets, and Slides, with support for all file types in Drive including Office files, PDFs, and more. 

We’re now expanding the beta to include desktop data for Google Meet and Google Drive. Additionally, key access service APIs are now publicly available for anyone to use. 

Encryption notice in Meet

Lastly, we are adding two new Key access service partners (Fortanix, Stormshield) for customers looking for a dedicated partner that integrates with the key access service APIs. Previously, we had announced key service partnerships with Flowcrypt, FutureX, Thales and Virtru. 

The beta is available to Google Workspace Enterprise Plus and Google Workspace Education Plus customers—eligible customers can now apply for the beta here. Important note: Customers who are already participating in the beta will have to reapply for access to the Google Meet and functionality, but you will be able to reuse your key service configuration. 

Who’s impacted 

Admins and developers 

Why it’s important 

Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities. With Client-side encryption, we’re taking this a step further by giving customers direct control of encryption keys and the identity provider used to access those keys. This can help you strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs. 

When using Client-side encryption, customer data is indecipherable to Google. Customers can create a fundamentally stronger privacy posture to comply with regulations like ITAR and CJIS or simply to better protect the privacy of their confidential data 

Read our announcement post to learn more about this beta and our plans for Client-side encryption across Google Workspace. 

Additional details 

If you are looking to choose a key service access partner, Flowcrypt, Fortanix, Futurex, Stormshield, Thales, and Virtru have built tools in accordance with Google’s specifications and provide both key management and access control capabilities. Your partner of choice holds the key to decode encrypted Google Workspace files, and Google cannot access or decipher these files without this key. 

If you prefer to build or integrate your own in-house key services, we have published the key access service API specifications that can be used with Client-side encryption. 

Getting started 

• Admins: Use our Help Center to learn more and apply for the beta here. 
• Note: If you are already participating in the beta, you will have to re-apply for access to the Google Meet functionality.
• Developers: https://developers.google.com/workspace/cse 
• End users: No end-user impact. 

Availability 

• Available to Enterprise Plus and Education Plus customers 
• Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers. 

Resources 

• Google Workspace Admin Help: About client-side encryption (beta) 
• Google Cloud Security Blog: Google Workspace delivers new levels of trusted collaboration for a hybrid work world 
• Beta sign up form