We employ several security measures to help ensure the authenticity, integrity, and privacy of data in transit.
Default protections to data in transit
We encrypt and authenticate all data in transit at one or more network layers when data moves outside physical boundaries not controlled by us or by Google Cloud Platform on our behalf. Data in transit inside a physical boundary controlled by or on behalf of us is generally authenticated but not necessarily encrypted.
Depending on the connection that is being made, we apply default protections to data in transit. For example, we secure communications between the user and the app front end using TLS.
Leader in encryption in transit
Google works actively with the industry to help bring encryption in transit to everyone, everywhere. It has several open-source projects that encourage the use of encryption in transit and data security on the Internet at large including Certificate Transparency, Chrome APIs, and secure SMTP.
Google plans to remain the industry leader in encryption in transit. To this end, it dedicates resources toward the development and improvement of encryption technology. Its work in this area includes innovations in the areas of Key Transparency and post-quantum cryptography.