Google announced on Friday that it’s adding end-to-end encryption to the web version of its Gmail email service, allowing Google Workspace customers to send and receive email encrypted inside and outside their domain.
It is noteworthy that client-side encryption, or as Google calls it E2EE, is already available to users of cloud storage service, Google Drive, office applications: Docs, Sheets, Slides, Google Meet meeting service, and Calendar service in an experimental way.
Gmail’s client-side encryption, once activated, will ensure that any sensitive data delivered as part of the email body and attachments cannot be decrypted by Google’s servers.
Google explained on its support site that: “Using client-side encryption in Google Workspace, content encryption is handled in the client’s browser before any data is transmitted or stored in the cloud drive service.”
The company added: “This way, Google’s servers cannot access the encryption keys and decrypt your data. After setting up client-side encryption, you can choose which users can create client-side encrypted content and share it internally or externally.”
Google Workspace customers can apply for the coding beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application request, which must include an email address, project ID, and test suite domain.
Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
The company says the feature isn’t yet available to users with Google Personal, Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, or Nonprofits accounts, as well as Google customers. Suite Basic, or older Business.
After sending emails from Google saying that the account is ready, administrators can set up client-side Gmail encryption for their users by following the following procedure to set up their environment, set up S/MIME certificates for each user in the test suite, and configure the master service and identity provider.
The feature will be disabled by default and can be enabled at the domain, organizational unit, and group levels by going to Admin Console > Security > Access and data control > Client-side encryption.
Once enabled, you can switch to E2EE for any message by clicking the padlock icon next to the Recipients field and clicking Turn on under Additional encryption. You can then compose a Gmail message and add email attachments as you normally would.
Google added: “Google Workspace already uses the latest encryption standards to encrypt all data in storage and transmission between our facilities.” “Client-side encryption helps enhance the confidentiality of your data while helping to address a wide range of data sovereignty and compliance needs.”
You must log in to post a comment.