As more and more companies migrate to public cloud infrastructure and embrace work from anywhere operations – more and more companies are asking critical questions about data sovereignty and data control. This is especially true for European companies who must answer the following question: how can they make the shift to the cloud without sacrificing the security and control of their data to U.S cloud providers.
But there’s good news!
Google recently announced some encouraging developments to EU sovereign controls for Google Workspace. Their investment in localised support and expansion of data location controls is a significant step in addressing the security, privacy and sovereignty requirements many European organizations look for in cloud providers. But the real value lies in Google’s ability to partner with third-party encryption providers via their Client-side Encryption capability.
Google Workspace Client-side Encryption enables any organization to manage their encryption keys separately from their data. This ensures their data is only accessible to who they choose to share it with, whilst being indecipherable to both Google and the key management partner – indeed any third-party (malicious or otherwise) – thus achieving data sovereignty.
Furthermore, for organizations who have a legal or commercial requirement to share data between the EU and the U.S., using Client-side Encryption for data transfer supports the guidance of adopting ‘end-to-end encryption as an effective measure to enable both cloud adoption and data sovereignty requirements when transferring personal data outside the EU’ as a result of the Schrems II ruling in July 2020.
Choosing a Partner for True Sovereign Control
Google Workspace is a significant component of the Google ecosystem but cloud adoption for many organizations goes beyond productivity and collaboration tools.
Virtru is the only Google-recommended key management partner that provides holistic security solutions across the Google portfolio, including Gmail, Workspace, Google Meet, and GCP — as well as other SaaS applications such as Salesforce and Zendesk. This method of encryption key management is critical to an effective Zero Trust Data Control strategy, and one that Virtru recommends for organizations seeking to achieve true data sovereignty.
To learn more about how you can apply our Zero Trust encryption to your organization’s sensitive data, contact our team today.