Would you like to be agile while keeping a high level of security?
Have you denied using cloud-based solutions because you are afraid of losing control over data?
Or do you compromise on security for faster and more flexible workflows?
TRIDENT HSM with our Google Client Side Encryption module helps you maintain the highest level of security while letting you use cloud-based Google Workspace tools.
You don’t have to compromise anymore!
Retain control over the encryption keys without interfering with the Google Workspace user experience
PRODUCT OVERVIEW
Moving workloads to the cloud usually means using collaboration suites such as Google Workspace. The functions allow for information sharing, collaborative work, or access from any device which have an indisputable role in digital transformation projects within companies.
From the sensitive data’s protection’s point of view, the keys providing access to this information have the same criticality level as the data they protect. When having sensitive data managed by a third party, it’s important to retain control of the keys, especially if that is in a cloud-based environment.
Client Side Encryption (CSE) lets the user retain control over the encryption keys without interfering with the Google Workspace user experience. The CSE function enables the web browser to encrypt the information before sending it to Google, guaranteeing end-to-end protection of sensitive data.
HOW IT WORKS?
CSE uses envelope encryption to protect data and it relies on web browsers for performing client-side operations.
First, a data encryption key (DEK) is generated in a Google Workspace client. Then the DEK is handed over to the TRIDENT HSM to be encrypted symmetrically using a Key Encryption Key (KEK).
These Key Encryption Keys (KEKs) are managed by the TRIDENT HSM to determine who can and cannot access your data. This keeps your cloud data private, even from Google, since they won’t have the keys to decrypt the data.
If you choose to buy your own physical TRIDENT HSM, you get flexible configuration options, full control over encryption keys, possession of a physical HSM in a tamper proof case.
If you rather use our TRIDENT HSM as a service, it will be easy to configure and operate, secured by the applied Secure Multi-Party Computation (SMPC) technology combined with a multi-tenant environment, optimized for SMEs regarding the cost of operation.
If you would like to introduce a new IT solution at your company, it’s important to limit both the disruption to existing functions and the impact on the user experience.
i4p’s Client Side Encryption module offers you a convenient way to address all your data sovereignty and compliance requirements. It gives you control over your encryption keys while letting you leverage the processing capabilities and power of Google Workspace. Our natively-integrated virtual and physical HSMs offer streamlined deployment and operation with the highest level of security.
WITH ON-PREMISE HSM
With i4p’s TRIDENT HSM, customers can bring a CC EAL4+ certified HSM for Google Workspace. The database encryption keys are managed outside of Google’s environment in the physical TRIDENT HSM deployed on the customer’s premises.
WITH HSM-AS-A-SERVICE
TRIDENT HSM-as-a-Service provides a high level of security while keeping operating costs low. We use a highly secure multi-tenant environment with Secure Multi-Party Computation (SMPC) to protect the encryption keys.
APIs AND STANDARDS USED
HOST INTERFACE
CERTIFICATIONS
AUTHENTICATION
PHYSICAL CHARACTERISTIC*
* In the TRIDENT CSE the Client Side Encryption module resides within the secure perimeter of the CM
Our Partner Program was specifically designed to naturally reward the investments you make in selling our solutions, based on your sales performance
An easy-to-integrate HSM provides multiple functions for different use cases, offering an ideal solution for data protection challenges.
Trident HSM combines the high-level hardware security and multi-party computation to provide the highest level of data protection required in business.
A Timestamp Server that ensures the tamper-proof creation and authenticity of timestamps for any purposes, with the reliability provided by the high level of security.
A Signature Formatting Server that is used for higher level signature formatting and a self-contained, fully functional module.
Contact us by filling out our online form
or send us an e-mail at info@i4p.com
Do you need support? For i4p support requests, please send
an e-mail to support@i4p.com or call +36 1 700 1230.
For press and media inquiries,
please send an e-mail to pr@i4p.com
Download this ebook to find out: