Cloud HSM for Google Workspace

Cloud HSM for Google Workspace is an encryption key service that provides client-side encryption (CSE) for Google Workspace.

Cloud HSM is a highly available, fully managed key management service operated at cloud scale with hardware-backed keys stored in FIPS 140-2 Level 3 compliant hardware security modules (HSMs). Cloud HSM for Google Workspace is available in the United States.

Using Google Workspace CSE adds another layer of encryption to your organization's data, including files and emails, in addition to the default encryption that Google Workspace provides. CSE is especially beneficial for organizations that store sensitive or regulated data, like intellectual property, healthcare records, or financial data. Cloud HSM for Google Workspace lets you have greater control over your encryption keys, and can help you meet regulatory and compliance requirements.

How Cloud HSM for Google Workspace works

Cloud HSM for Google Workspace uses envelope encryption to protect your Google Workspace data such as files and emails. Protected data can only be encrypted and decrypted by authorized users according to your identity provider (IdP). All wrap and unwrap operations using Cloud HSM keys are performed inside the HSM. The key material never leaves the HSM protection boundary.

Features and benefits

Secure and standards-aligned: Cloud HSM is built for customers who want to run cloud workloads that meet stringent security and regulatory standards. Cloud HSM uses FIPS 140-2 Level 3 validated Marvell LiquidSecurity HSMs. The Cloud HSM service has obtained compliance with numerous regulations and certifications including the following:

These compliance standards and certifications help customers in highly regulated market segments meet their regulatory and compliance needs for key management and data protection.

Flat pricing: Cloud HSM for Google Workspace offers flat pricing. Your costs don't change based on the number of users. For more information about pricing, see Cloud Key Management Service pricing.

Audit logs using Cloud Logging: Like all Google Cloud services, Cloud HSM service writes audit logs that record administrative activities and accesses within your Google Cloud resources. Audit logs help you determine who did what, and when. Enabling audit logs helps your security, auditing, and compliance entities monitor Google Cloud data and systems for possible vulnerabilities or external data misuse. For more information about audit logging, see Cloud Key Management Service audit logging.

What's next