Thales Partners

Google Cloud

Google’s services increase the number of opportunities that enterprises have to increase efficiency, and improve service and product delivery. Whether those services come in the form of cloud storage or as remotely delivered office applications, Google offers tools to make the world more connected so businesses and individuals can take full advantage of the internet to advance their initiatives.
1600 Amphitheatre Parkway Mountain View California United States North Americas 94043
(650) 253-0000


Google Cloud Partner
Google Cloud Partner of the Year

High Assurance Protection Strategies for Google Cloud Using Luna HSMs

Thales offers a number of solutions based upon their high-assurance Luna HSMs and Luna Cloud HSMs (Data Protection on Demand), to secure and protect your data in Google Cloud. With Thales, enterprises have the flexibility to leverage cloud services, the ability to both own and control their encryption keys, and reduce the risk of unauthorized data access. The “Thales High Assurance Protection Strategies for Google Cloud’ solution brief below, provides an overview of the different encryption key generation, management and protection options available to Google Cloud users using Luna HSMs including: Customer-Managed Encryption Keys (CMEK), Customer-Supplied Encryption Keys (CSEK) and the new Google Cloud EKM service.

Resources and Additional Information


Thales High Assurance Protection Strategies with Thales HSMs for Google Cloud Platform - Solution Brief


Google Cloud Protection with Thales Luna Network HSM Integration Guide

CipherTrust Key Broker for Google Cloud EKM

Key BrokerCipherTrust Key Broker for Google Cloud EKM: Create and control encryption keys outside of Google Cloud


CipherTrust Key Broker is integrated with Google Cloud EKM to make it easy for organizations to follow security and key management best practices while leveraging the power of Google Cloud for compute and analytics. Organizations are able to securely create and control their own encryption keys separate from where their sensitive data is being hosted. By generating their own encryption keys using CipherTrust Key Broker, organizations can verify the origin and quality of the keys they are providing to the cloud provider, while maintaining the original version of the key outside of the Google Cloud environment. Organizations hold their master keys in a Thales Luna Cloud HSM (Data Protection on Demand), which acts as the trust anchor for the CipherTrust Key Broker solution. This provides a FIPS 140-2 Level 3 certified root-of-trust, and ensures separation between data and encryption keys, helping to fulfill compliance and security requirements.

Resources and Additional Information

Google EKM

Enhancing Encryption Key Control and Data Security in Google Cloud Platform - Solution Brief

CipherTrust Cloud Key Manager BYOK for Google Cloud KMS

Encryption Key Lifecycle Management for Google Cloud Customer-Managed Encryption Keys

The Google Cloud Key Management System (KMS) offers 'Bring Your Own Key (BYOK)' API’s via the Customer-Managed Encryption Keys (CMEK) facility. Google KMS supports a wide range of Google Cloud products. To enable your organization to manage encryption keys across multiple cloud providers including Google Cloud, CipherTrust Cloud Key Manager from Thales provides multi-cloud key lifecycle management for Google CMEK, along with a range of other providers. Read the product brief.

Resources and Additional Information


CipherTrust Data Security Platform Key Management Solutions for Google


CipherTrust Cloud Key Manager - Product Brief

Learn more about Thales CipherTrust Cloud Key Manager

Learn more about Google Cloud Key Management System (KMS)

Google Cloud VMware Engine (GCVE) and Thales CipherTrust Manager

Google now supports running the VMware stack in Google Cloud using the Google Cloud VMware Engine (GCVE). Now apps and workloads designed to run within VMware can be seamlessly migrated to the cloud. The combination of Google GCVE, VMware and Thales CipherTrust Manager ensures a secure path to the cloud. This joint solution simplifies migration, while adding all the benefits of the cloud, including scale, agility, lower cost, best in class security of dedicated infrastructure, and streamlined management of private encryption keys.


Resources and Additional Information


CipherTrust Manager for VMware VMs on Google GCVE - Solution Brief


CipherTrust Manager for VMware vSAN on Google GCVE - Solution Brief

Google Cloud Storage: Encryption Key Management and Thales

Google Cloud Storage offers worldwide data storage and retrieval at any time using a simple programming interface that allows developers to take advantage of fast and reliable networking infrastructure and is encrypted by default. CipherTrust Application Data Protection includes Bring Your Own Key (BYOK) solutions that integrate with the Customer-Supplied Encryption Key (CSEK) facility for Google Cloud Storage to manage the encryption keys used for storage encryption. This integration enables centralized encryption key management on CipherTrust Manager for streamlined key administration.

Resources and Additional Information

Learn more about Thales CipherTrust Manager

Learn more about Thales CipherTrust Application Data Protection

Learn more about Customer-Supplied Encryption Key (CSEK)

Google Apps: Identity Verification with SafeNet Authentication Solutions

Google AppsSaaS and Web AppsembeddedGoogle Apps: Identity Verification with SafeNet Trusted Access

Google Apps is a service that provides independently customizable versions of Google web applications, such as Gmail, Google Calendar, Docs, and Drive to enterprise customers. The SafeNet Trusted Access uses SAML to integrate with Google Apps to provide two factor authentication for secure identity verification.

Building on Thales’s award winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information:

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to STA Application Catalog. For STA RADIUS integrations, please refer to STA RADIUS Integration guides page on Thales Customer Portal.

Google Workspace Client-Side Encryption

Google recommends that Google Workspace customers adopt the industry-standard and increasingly well-known shared responsibility model by using an external Identity Provider (IDP) and key manager (EKM) to ensure that only authorized and authenticated individuals can access protected documents. Only Thales develops an independent IDP and EKM solution.

Thales's SafeNet Trusted Access (STA) used with CipherTrust Cloud Key Manager provides customers with an independent IDP and key management solution from a single vendor, helping you achieve your business goals with a smoother deployment, superior user experience and better value.


Resources and Additional Information

Thales Security Solutions for Google Workspace