Encrypting Your Keys to the Cloud: Evaluating Microsoft 365 Double Key Encryption + HSM and Virtru + Google

For technology and security leaders, applying security across your workforce’s productivity tools, email, and file-sharing workflows can be a complex endeavor. With so many details to consider — from usability to on-premise vs. cloud options, data loss prevention, and malware scanning — it’s vital to understand exactly what you gain, and what you may lose, when selecting a security solution. 

This post will outline some of the challenges and benefits associated with Microsoft 365 Double Key Encryption + HSM, compared with Google Workspace + Virtru.

Microsoft 365 Double Key Encryption: Options and Limitations

When considering the capabilities of Double Key Encryption for Microsoft 365 and hardware security module (HSM), it’s important to understand which security and collaboration features are available, and which functionalities may be limited when encryption is applied. 

Users of Double Key Encryption for Microsoft 365 and HSM may experience limitations to their Microsoft experience, including: 

• Support limited to Windows desktop environments (does not extend to mobile, Mac or Chromebook environments).
• Reduced Office 365 functionality, including loss of Data Loss Prevention (DLP), search, and archiving. Co-authoring and eDiscovery/content search are also not available.
• Increased complexity for administrators, as specialized skill sets are needed to set up and deploy Double Key Encryption and HSM. Microsoft’s security features are also closely connected to its Windows framework, which has a complex history of vulnerabilities, breaches, and fixes. Instead, organizations should focus on data-centric security that protects the data itself, wherever it moves.   

For a more detailed comparison of Microsoft 365 Double Key Encryption + HSM and Virtru + Google Workspace features, contact Virtru.

Virtru and Google Workspace

With Virtru and Google Workspace, organizations can implement world-class security in the cloud or on- premise, while accelerating collaboration and maintaining full ownership and privacy of their data. 

Virtru and Google Workspace equip customers with: 

• • Superior user experience and collaboration. With Google and Virtru, hybrid workforces can apply data protection across the entirety of a hybrid workforce — including desktop and mobile devices, email, and file sharing.  
    • Importantly, Virtru empowers organizations to securely adopt Google’s best-in-class collaboration features, including Google Drive and Docs/Sheets/Slides (including Google Client Side Encryption), for internal and external collaboration use cases.
    • Security for all clients (desktop, web, and mobile; Chrome, Windows, and Mac).
  • Administrator simplicity and control. Virtru is simple for administrators to set up, with deployments taking just hours or days, not weeks or months. 
    • Customers can spin up Virtru components in minutes through the Google Cloud Platform Marketplace.
    • Administrators have the power to take action on data at the object level, anywhere it’s been shared, via the Virtru Control Center.  
    • HSM support is optional and not required.
  • Preserved critical enterprise functionality.
    • Google + Virtru support Vault, any eDiscovery solution, privacy-preserving encryption search (patent protected), and client- and server-side data loss prevention (DLP).
    • Simple and powerful ITAR compliance that works across all email clients, file share, and collaboration workflows. This eliminates the cost and complexity of managing a separate Microsoft environment.
      

Key Management with Virtru and Google Workspace

When implementing Virtru security in Google Workspace, organizations need to set up a method of managing the encryption keys that grant access to their data. 

The Virtru Customer Key Server (CKS) is a virtual appliance that may be hosted on customer premises, in a private cloud, or on any public cloud service. All keys stored by Virtru are encrypted using the customer’s public/private key pair ensuring no third-party access to key content. The Virtru CKS can also integrate with a hardware security module (HSM) for a physical layer of protection.

The Virtru CKS enables enterprises to maintain exclusive access to the encryption keys used to secure their data:

• Only explicitly authorized parties have access to unencrypted content and encryption keys
• Prevent any third parties from accessing your encryption keys, including security and cloud-hosting vendors: Neither Virtru nor Google (or any other vendors) can access customers’ data. This is a true implementation of data sovereignty. (See Data Sovereignty in a Post-Privacy Shield World for details about data sovereignty as it relates to the recent international data privacy legislation.)

Virtru is a true end-to-end encryption solution for Google Workspace:

• The same key encrypts and decrypts content.
• Key needs to be transferred between or agreed upon ahead of time by sender and recipient.
• Keys are not recipient-specific, making it easier to grant additional access if needed.
• No need for recipients to have pre-existing keys of their own.  

For more details on how Microsoft 365 Double Key Encryption compares to Virtru and Google, and to learn how Virtru can equip your organization with enterprise-wide data protection, contact Virtru today to start the conversation.