<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt="">

Virtru Private Keystore for Google Workspace Client-Side Encryption

Virtru is an encryption key management partner for data-centric security across Google Workspace CSE, including S/MIME for Gmail.

Product-Page-Images_CSE - Hero2

An Essential Layer of Encryption for Google Workspace

Protect your organization's most critical data in Google Workspace, and ensure complete control with Virtru Private Keystore for Client-Side Encryption (CSE).

  • Take full control of the keys used to encrypt your data
  • Support data sovereignty and security obligations
  • Ensure your data remains unreadable by Google, Virtru, or any other third party
  • Support Gmail S/MIME, Google Workspace CSE, and regulatory compliance

Virtru Private Keystore

Enhanced Security with Label-Based Access Controls

Virtru is a key management partner for Google Workspace CSE. Unlike other CSE key partners, Virtru enables you to encrypt your data and also apply automatic access controls based on your custom labels, ensuring your data remains protected against unauthorized access, regardless of its location within your system.

  • Use Google Workspace labels to classify documents and enforce access controls
  • Leverage your Google Workspace groups to define access permissions
  • Ensure persistent protection, even when files are moved to other drives or folders

Benefits of Choosing Virtru as Your Key Management Partner

Google and other third parties cannot decrypt or view your data.

Rest easy knowing your files are protected by end-to-end encryption.

Create automatic data security policies for all data stored in Google Workspace.

Advance your Zero Trust data control and security initiatives.

Manage your own keys on-premises or in a private or public cloud.

As a longtime Google partner, Virtru is your guide to securing data that flows into and out of your Google ecosystem.

Product-Page-Images_VPK copy
Virtru Logomark

“Virtru is proud to be Google Workspace’s first recommended data protection partner and to have helped architect Google’s Client-Side Encryption capability with Google, in concert with our strategic enterprise partners. We are thrilled that Google Workspace Client-Side Encryption has become generally available for enterprises worldwide, and to include other partners in this open and extensible ecosystem."

John Ackerly

How It Works: Virtru for Google Workspace CSE

CSE Diagram

  1. User creates a new Google Workspace CSE Document.

  2. Document encryption key (DEK) is generated locally within the user's browser.

  3. DEK is sent to customer-hosted CSE server, which creates an access control policy. DEK is then wrapped with a second encryption key (CSE key).

  4. The wrapped DEK is sent to Google for storage alongside the encrypted document. Meanwhile, the CSE key never leaves the customer's server, so Google can never access it.


Data-Centric Security Across the Google Ecosystem and Beyond

Equip Teams to Collaborate Securely in the Cloud

Virtru's data protection empowers users to encrypt sensitive information with one click, directly within their Google interface:

View All Products

Take Control of Your Data in Google Workspace CSE

Extend Zero Trust data control across your Google SaaS ecosystem. Book a demo with our team to see how simple it can be to get started.


Omada Logo Maryland Logo
Better Logo UC Berkley Logo