How Google Apps is Secure with Encryption


When you send a document to a colleague, you are hoping that he will be the only person who reads it. On the way from you to your colleague there is a lot that could happen. The last thing you want is prying eyes who could read your message. Therefore, Google build in encryption keys which helps to reduce the risk of losing your data. Encryption is a process that takes your data as an input and transforms it into an output that reveals little or no information about the input, which is often called as plaintext. Without having the right encryption keys it is impossible to have access to the data. It ensures your data will fall into an attacker’s hand.


Google encrypts the data at several levels and forces HTTPS (Hypertext Transfer Protocol Secure) for all services between Google Apps and their users. Also message transmissions with other mail servers will be encrypted by TLS (256-bit Transport Layer Security). This is a protocol that encrypts and delivers mail securely, for both inbound and outbound mail traffic. Although, your messages are encrypted only if you and the people you email with both use email providers that support Transport Layer Security. It’s the standard for secure email.

For all its services Google uses PFS, which stands for Perfect Forward Secrecy. The private keys for a connection will not be kept in persistent storage.

Screen Shot 2016-10-26 at 12.43.00

To stay up-to-date the encryption across more services and links will constantly extend and strengthen by Google. Core customer data that is uploaded or created in Google Apps services is encrypted at rest. The data at rest is broken into subfiles, called chunks. At the storage level each chunk will be encrypted with an individual encryption key. Also if you updated a file, it will get an new encryption key. Encryption is inherent in all of the storage systems of Google.

To encrypt data at rest Google makes use of AES (Advanced Encryption Standard) which is often part of customer compliance requirements.

It is one of Google’s biggest priorities to keep customers data safe. Without any required from the customers Google Cloud Platform encrypt customer content stored at rest.

Further resources

G Suite and Security with Google Cloud
Encryption at rest on Google Cloud Platform
Security on G Suite FAQ

Other Posts in this Series

Your G Suite Security is 2 Simple Steps Away!
How Google Handles Your Data

Scott Haslehurst
Scott is the CFO of GoPomelo and Head of GoPomelo X. His project team works exclusively in cloud application development. Scott explores cloud technology and the new opportunities it brings. As an agile coach at GoPomelo he is often found deep in post-it notes and burn-down charts!