Now available: Cloud HSM as an... Note

Now available: Cloud HSM as an encryption key service for Workspace client-side encryption

Organizations in highly regulated sectors need to safeguard sensitive data, and Google Workspace Client-Side Encryption (CSE) offers a unique solution for this. CSE adds an extra layer of encryption to your Google Workspace data, enhancing confidentiality and compliance. It is particularly beneficial for handling intellectual property, healthcare, and financial data. The service also supports data sovereignty by allowing customers to control encryption keys. To further assist these organizations, Google Cloud now offers Cloud Hardware Security Module (HSM) for Google Workspace. This service brings Google Cloud’s highest compliance classifications to Workspace CSE customers. Cloud HSM is a fully managed, scalable key management service utilizing FIPS 140-2 Level 3 compliant hardware security modules. It is engineered to meet stringent security and regulatory mandates, holding certifications like FedRAMP High and ITAR. The core security of Cloud HSM for Google Workspace relies on FIPS 140-2 Level 3 validated hardware. This comprehensive compliance simplifies regulatory burdens for organizations. Cloud HSM for Google Workspace ensures high availability and rapid deployment for critical encryption services. The process involves a data encryption key (DEK) being encrypted by a customer-managed encryption key (CMEK) stored within the HSM, ensuring the CMEK never leaves the HSM's secure boundary. Audit logs are generated using Cloud Logging for transparency and monitoring. The service provides 99.95% uptime for encryption and decryption operations.
CdXz5zHNQW_tx83TJtTwW.png