Virtualization Technology News and Information
VMblog Expert Interview: Rob McDonald Describes Google Workspace Client-Side Encryption and What's Next for Virtru

VMblog recently caught up with Virtru, a fast-growing provider of end-to-end data security solutions. Virtru offers encryption technologies that layer into commonly used apps like Google Workspace, Office 365 and Salesforce to enable teams to securely and privately create, manage and share information.

To learn more about the company and how it's supporting encryption for Google Workspace's newly announced Client-Side Encryption, we connected with Rob McDonald, executive vice president for Virtru.

VMblog: Before we get going, can you tell us a little bit about Virtru?

Rob McDonald: Virtru develops and delivers end-to-end data encryption solutions that empower organizations to create, manage and share data securely. The company was co-founded in 2012 by CEO John Acklery and CTO Will Ackerly. Will previously worked for the National Security Agency (NSA), where he invented the Trusted Data Format (TDF).

TDF is an open standard that provides a single approach to encrypting multiple types of data, such as email, images, PDFs, and data that flows through the SaaS applications that people use every day. It's used by the U.S. intelligence community and has become the gold standard of data protection for the federal government. It also forms the basis of Virtru's data privacy offerings.

TDF addresses a key cybersecurity challenge, which is that different types of data have traditionally required different kinds of encryption. TDF places a protective wrapper around data - including highly sensitive and even classified data - so that you need only one kind of encryption for any data type. When you think about the myriad ways we create and share data today - whether it's customers' personal information, patients' medical records, financial data, intellectual property, or communications you simply want to keep private - having a single, versatile framework for securing sensitive data is incredibly important to keep teams working efficiently and securely.

Our technology enables organizations to encrypt, control access to, and audit the protection of data wherever it's created and however it's shared. In fact, Virtru already secures more than 1 billion digital assets, protecting 7,000 organizations and 10 million users.

VMblog: Google recently announced the general availability of Google Workspace Client-Side Encryption. Can you tell us what that means and how Virtru fits into the equation?

McDonald: Google Workspace Client-Side Encryption strengthens the confidentiality of user data while addressing key issues around data sovereignty and compliance.

Google Workspace already provided encryption for data at rest in its facilities and in transit between its facilities. Client-Side Encryption takes data protection a huge step forward by giving Google customers direct control of the keys to encrypt their data. Google customers use Google Workspace applications in the exact same way they always have, but now they benefit from full control of their data - and even Google can't access it. The data owner can share that data with anyone, but they're the only entity that decides who can access that data.

Virtru is a longstanding Google partner and was the first Google-recommended encryption provider for Gmail and Google Drive. Now, Virtru is a recommended partner for Google Workspace Client-Side Encryption. Organizations can use Virtru as their key management partner to support tighter privacy in Google Drive, Google Docs, and Google Sheets - and our encryption also supports the Google Drive File Stream desktop application, as well as encrypted calls and video messages in Google Meet.

Here's how it works, in a nutshell: Once your browser client encrypts the content with Google Workspace Client-Side Encryption, those encryption keys are wrapped in an additional Virtru key. Virtru manages these key encryption keys (KEKs) and their associated control policies to determine who can and can't access your data. This keeps your data private, even from Google, since Google doesn't have the keys to decrypt your data. And note that Virtru can't access your protected data, either.

VMblog: Why is Google Workspace Client-Side Encryption considered a major privacy milestone? What other benefits may result from this development?

McDonald: Google Workspace Client-Side Encryption is a watershed moment in data privacy. For the first time, Google is blinding itself to user data in its most popular collaboration tools. Organizations can now encrypt data stored in Google Workspace applications, ensuring the complete confidentiality, privacy and sovereignty of that data.

That's transformative, because it gives every Google user a higher level of control over their own data protections. A key consequence is that organizations in highly regulated industries, which have been precluded from using Google Workspace, can now benefit from Google technology.

VMblog: I imagine Google Workspace Client-Side Encryption is just one piece of the puzzle for cloud privacy. How else does Virtru and its technology complement Google Workspace to enhance data privacy?

McDonald: Virtru can do more than just protect your data in Google Workspace. TDF provides data confidentiality no matter where your data lives or who it's shared with. For example, you can encrypt and decrypt messages and apply access controls directly in Gmail. You can securely upload files into Google Drive, including Microsoft Word, Excel and PowerPoint files, as well as PDF, JPEG, PNG and CAD files.

For message and file access, you can expire messages, control forwarding, view read receipts, and add watermarks to files. You can also revoke access at any time, and you retain access control even after someone downloads a file to their device. You always have high-fidelity awareness of where your data resides, where it's moving to, how it got there, and what's happening to it after it leaves your organization. You keep control of your data no matter where it is in its lifecycle.

And for software-as-a-service (SaaS) applications, Virtru solutions extend data protection and control to popular enterprise applications such as Salesforce, Zendesk and Workday. So that gives you organization-wide protection.

Finally, Virtru technology helps to advance a Zero Trust approach to cybersecurity, an increasing focus in both the public and private sector. A crucial but often-ignored pillar of Zero Trust is data control. Traditional security approaches focus on protecting identities, devices, applications and networks. They don't do enough to protect the data itself. Our TDF open standard secures data - your most valuable asset, common to all applications you use - at the data level.

VMblog: There are still some organizations that hesitate to move to the cloud, out of concern that it won't provide the security they need to meet stringent compliance and security requirements. Do you foresee Google Workspace Client-Side Encryption helping to put cloud users at ease?

McDonald: There's no question that Google Workspace Client-Side Encryption will drive rapid cloud adoption. Organizations in highly regulated industries, from financial services to the public sector, have had concerns about the privacy of their data in the cloud. In some cases they were actually restricted from using the cloud because of compliance issues. So while enterprises in other sectors enjoyed the advantages of the cloud, regulated organizations were held back.

But cloud-based solutions have grown increasingly secure. And encryption can now shield sensitive data, especially when the data owner controls the encryption keys. With Client-Side Encryption, organizations can take advantage of Google Workspace for productivity, collaboration and ease of data access. They can also benefit from other advantages of cloud technology, including more predictable costs, greater flexibility to scale up and down as needed, access to the latest cloud-native applications and so on. But what makes this announcement so significant is that Google is baking zero trust into its applications at the data level.

VMblog: Thanks for your time and insight. Where can VMblog readers go to learn more about Virtru and Google Workspace Client-Side Encryption?

McDonald: You can visit the Virtru website to learn more about Virtru's encryption solutions for Google Workspace. And if you have further questions, please reach out. We're always happy to talk about how we can support your Zero Trust strategy with data-centric security solutions.


Published Tuesday, April 05, 2022 7:30 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2022>