Google offers end-to-end encryption for Gmail on the web |
Google announced Friday that it is adding end-to-end encryption to the web version of its Gmail email service, allowing Google Workspace customers to send and receive encrypted email in and out of their domain.
It should be noted that client-side encryption, or E2EE as Google calls it, is already available in beta for users of cloud storage services, Google Drive, and Office applications: Docs, Sheets, Slides, and Google's Meetings and Calendar service. .
When client-side encryption is enabled in Gmail, it ensures that any sensitive data sent as part of email body and attachments cannot be decrypted by Google's servers.
"With Google Workspace client-side encryption, content encryption is processed in the client's browser before data is transmitted or stored on a cloud drive," Google explains on its support site.
The company added: “This way, Google's servers cannot access the encryption key and decrypt your data. Once you configure client-side encryption, you can choose which users can create and share client-side encrypted content internally or externally.”
Google Workspace customers can apply for the coding beta until January 20, 2023, by submitting their Gmail CSE Beta Test Application request, which must include an email address, project ID, and test suite domain.
Gmail E2EE Beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.
The company said the feature is available for users with Google Personal, Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, or Nonprofits accounts, and Google customers are not yet available. . Basic or old company suite.
After sending an email from Google indicating that the account is ready, admins can set up their environment by setting up client-side Gmail encryption for their users, setting up S/MIME certificates for each user in the test suite, and configuring the main identity and service providers.
This feature is disabled by default and can be enabled at the domain, organizational unit, and group levels by going to the Admin console > Security > Data access and control > Client-side encryption.
Once enabled, you can switch to E2EE for any message by clicking the padlock icon next to the To field and clicking Enabled under Additional Encryption. You can then compose a Gmail message and add attachments as usual.
Google added: "Google Workspace already uses the latest encryption standards to encrypt all data stored and transmitted between our facilities." “Client-side encryption helps improve data protection while helping to meet data sovereignty and compliance requirements in general.”