What is Client-side encryption?
Client-side encryption is a method of encrypting data on the user’s end before it is sent to the service provider. The user determines their encryption key, manages its lifecycle, and retains sole access to it. Third parties cannot decrypt the user’s data while it is hosted in the service provider’s infrastructure.
Enterprises who have Client-side encryption in place will find it easier to migrate to the cloud as it may help organizations address data privacy regulations, and gives them full control over their encryption keys, particularly in situations where third parties may compel them to decrypt data. Furthermore, Client-side encryption may help address region or country-specific data privacy legislation requirements. Organizations can be confident their data will be encrypted at the point of capture, not necessarily once it reaches the cloud, where it might be housed in a different country altogether.
Risk Mitigation: Everyone Benefits
Enterprise clients with large volumes of sensitive data are not the only ones who benefit from the added privacy and security of Client-side encryption: service providers benefit, too. Encrypting data on the client side helps to mitigate risks, with less liability for the service provider in the event of a data breach.
A Simple and Secure Solution
Google Workspace customers can enable Futurex’s Client-side encryption service for all users in their domain or organizational unit using the Google Workspace Admin Console.
The admin will follow this process:
- Log into Admin Console
- Select the option to add an external key service
- Enter the server address
- Specify the organizational units
- Configure a 3rd party Identity Provider (IdP)
For users who deploy the Futurex Client-side encryption solution, the data they enter in a Google Workspace application – including Drive, Docs, Sheets, and Slides – will be encrypted in their browser before it ever reaches Google’s servers.
The Futurex Advantage
Futurex’s ability to deliver a full enterprise key management solution provides a great advantage to users. Many of the largest organizations around the world already look to Futurex to protect their most sensitive data and manage cryptographic key lifecycles across the enterprise.This includes use cases such as code signing, tokenization, issuing certificate authority (as well as offline root CA), data protection, and more.
With the Futurex Client-side encryption solution, all data is encrypted using 256-bit AES keys, which are rotated monthly. The keys are managed by our FIPS 140-2 Level 3 validated Key Management Enterprise Server (KMES Series 3), with an integrated hardware security module (HSM) for the highest possible security. This is delivered either as a 2U network appliance for on-premises deployment, or as part of Futurex’s VirtuCrypt cloud key management service.
Futurex Addresses Enterprise-Wide Data Protection
Futurex offers a complete enterprise key management solution that not only enables client-side and cloud encryption, but data protection across the enterprise. Futurex’s solution delivers public key infrastructure (PKI) and certificate authority (CA), code signing, cryptographic key lifecycle management, and integration with many third-party applications. Futurex’s natively integrated HSMs offer simplified integration, with no third-party relationship management required.
Want to Learn More about Google Workspace Client-side Encryption?
Futurex provides the world’s most versatile external key service using fully validated HSM and cloud technology. If you are interested in Futurex solutions or would like to inquire about a demo, please contact us at info@futurex.com or visit VirtuCrypt at VirtuCrypt.com.