Thales Protection for Google Client Side Encryption
Promote this Nomination
Photo Gallery
![]() |
![]() |
Thales Protection for Google Client Side Encryption


Additional Info
Company (that provides the nominated product / solution / service) | Thales |
Website | http://www.cpl.thalesgroup.com |
Company size (employees) | 10,000 or more |
Type of solution | Cloud/SaaS |
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:1) Identity Protection for Client-side encryption 2)Enhancing Authentication and Secure Access to 3) Simple and Strong Authentication |
Brief Overview
Customers using Google Workspace Client-side encryption can
achieve stronger security and lower deployment overheads by
benefiting from Thales’s integrated end-to-end solution that protects
identities and controls encryption keys separate from their sensitive
data in the cloud.
Client-side encryption keys enable service providers to host
encrypted data but not decrypt it, protecting the user’s privacy.
When a user retrieves their file, the corresponding data encryption
key is decrypted using customer-provided keys only after the user
has been authenticated with customer-controlled authentication.
Thales’s SafeNet Trusted Access (STA) used with CipherTrust Cloud
Key Manager provides customers with an independent IDP and key
management solution from a single vendor, helping you achieve
your business goals with a smoother deployment, superior user
experience and better value.
Thales is a trusted multi-cloud partner. The combination of STA
and CipherTrust Cloud Key Manager allows organizations to
keep control of both their access security and key management
while avoiding vendor lock-in – vital to supporting multi-cloud
environments as part of digital transformation initiatives
How the Joint Solution Works
A user logs into Google Workspace and is redirected to STA for
authentication and identity validation.
• STA authenticates the user and creates an authentication token
• When the user creates a Client-side encrypted file, the STAgenerated
authentication token and a separate Googlegenerated
authorization token are sent to the CipherTrust Cloud
Key Manager with a Google-generated Data Encryption Key
(DEK)
• CipherTrust Cloud Key Manager validates the STA-generated
authentication token with STA and validates the Googlegenerated
authorization token with Google
• If both tokens are validated, CipherTrust Cloud Key Manager
encrypts the DEK with a CipherTrust-generated Key Encrypting
Key (KEK) – and returns the encrypted DEK to Google
• Subsequent file opens or saves require validation by CipherTrust
Cloud Key Manager which permits authorized