Enabling data encryption for data at rest and in transit

Data encryption is a security measure that protects data from unauthorized access or tampering. It is important to encrypt data at rest, which refers to data that is stored on a device or storage medium, and data in transit, which refers to data that is being transmitted over a network. Google Workspace provides several options for enabling data encryption for data at rest and in transit. This technical reference guide outlines the steps for enabling these security measures in Google Workspace.

Enabling data encryption for data at rest in Google Workspace

1. Enable Full Disk Encryption (FDE) for devices running the Chrome operating system: FDE uses the industry-standard AES algorithm to encrypt all data stored on a device's hard drive. To enable FDE, follow these steps:

• Sign in to the Google Admin console.
• Click Device management > Chrome management > Device settings.
• In the "Encryption" section, select the "Force encryption" option.
• Click Save.

2. Enable Cloud Storage Encryption: Google Cloud Storage automatically encrypts all data at rest using AES-256 encryption. To enable this feature, follow these steps:

• Sign in to the Google Cloud console.
• Navigate to the Cloud Storage browser.
• Select the bucket you want to enable encryption for.
• Click the Edit button (pencil icon).
• In the "Encryption" section, select the "Encrypt objects" option.
• Click Save.

Enabling data encryption for data in transit in Google Workspace

1. Enable SSL/TLS for email: Google Workspace uses Transport Layer Security (TLS) to encrypt email messages in transit. TLS uses a combination of symmetric and asymmetric encryption to secure data transmission. To enable TLS for email, follow these steps:

• Sign in to the Google Admin console.
• Click Apps > G Suite > Gmail > Advanced settings.
• In the "Inbound gateway" section, select the "Require TLS encryption" option.
• In the "Outbound gateway" section, select the "Use TLS encryption" option.
• Click Save.

2. Enable SSL/TLS for web traffic: Google Workspace also uses TLS to encrypt web traffic. To enable TLS for web traffic, follow these steps:

• Sign in to the Google Admin console.
• Click Security > SSL/TLS certificates.
• In the "SSL/TLS certificates" section, click the "Add a new certificate" button.
• Follow the prompts to generate and install a new SSL/TLS certificate.

Enabling data encryption for data at rest and in transit is an important security measure for protecting sensitive data in Google Workspace. By following the steps outlined in this technical reference guide, you can ensure that your data is protected from unauthorized access and tampering.

‍