High Level Architecture
The Google Workspace CSE library enables encryption operations within the client, storing only encrypted data and encrypted keys on the Google Workspace servers. End user authentication is provided by a third-party identity provider.
Google Workspace CSE allows the users to secure:
Calls over Google Meet
Docs, Sheets, and Slides data inside a Drive
Google Calendar events
Gmail (Google email) messages
Content is secured with an external encryption key maintained by the KACLS.
High Level Architecture
The following diagram shows the high level architecture:
Architecture for Gmail
The following diagram shows the high level architecture for Google Workspace CSE for Gmail: