Google has announced that its client-side encryption for Gmail is in beta for its Workspace and Education customers, aiming to secure emails sent through the web version of the platform. This update comes at a time when concerns about online privacy and data security are at a record high, and is surely welcomed by users who value the protection of their personal data. Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can request to join the beta until January 20, 2023. It is not available for personal Google accounts.
“Using client-side encryption in Gmail ensures that sensitive data within the body of the email and attachments are indecipherable to Google servers,” the company said in a blog post. “Customers retain control of the encryption keys and identity service to access these keys.”
It is important to note that the new protection offered by Gmail is different from end-to-end encryption. Client-side encryption, as the name suggests, is a way to protect data at rest. It allows organizations to encrypt data on Google services with their own cryptographic keys. Data is decrypted client-side using keys generated and managed by a cloud-hosted key management service.
The new Google feature requires administrators to set up an encryption key service, either through one of the company’s partners (Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru) or by building their own service using Google’s client-side encryption API.
This means that data is protected against any unauthorized access, even from the server or service provider. However, the organization or administrator has control over the keys and can monitor encrypted files of users or revoke a user’s access to the keys, even if they were generated by the user themselves.
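
The key flow described above can be modeled in a few lines. This is an added example, not Google's code or API: the `KeyService` class, its `wrap`/`unwrap` methods, the user-name check standing in for the identity service, and the HMAC-based toy cipher standing in for a real AEAD such as AES-GCM are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC with separate subkeys; illustration only, use AES-GCM in practice."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

class KeyService:
    """Hypothetical customer-controlled key service; the mail provider never sees _kek."""
    def __init__(self, allowed_users):
        self._kek = secrets.token_bytes(32)
        self.allowed = set(allowed_users)   # stands in for the identity-provider check

    def _authorize(self, user):
        if user not in self.allowed:
            raise PermissionError(f"{user} is not authorized for key access")

    def wrap(self, user, dek):
        self._authorize(user)
        return seal(self._kek, dek)

    def unwrap(self, user, wrapped_dek):
        self._authorize(user)
        return unseal(self._kek, wrapped_dek)

def client_encrypt(ks, user, body):
    dek = secrets.token_bytes(32)           # per-message data key, generated on the client
    # Only these two values are handed to the mail provider for storage.
    return {"wrapped_dek": ks.wrap(user, dek), "ciphertext": seal(dek, body)}

def client_decrypt(ks, user, stored):
    dek = ks.unwrap(user, stored["wrapped_dek"])
    return unseal(dek, stored["ciphertext"])
```

Removing a user from `allowed` makes every later `unwrap` call fail for that user, which is the administrator-side revocation the paragraph above describes; the stored ciphertext itself never changes.
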
On the other hand, end-to-end encryption (E2EE) is a communication method in which information is encrypted on the sender’s device and can only be decrypted on the recipient’s device with a key known only to the sender and recipient.
That said, the new client-side encryption feature is a welcome addition to Gmail’s security measures, as it allows organizations to encrypt data stored on Google’s servers with their own keys. This is especially important for organizations handling sensitive data, such as healthcare providers and financial institutions. It is worth noting that client-side encryption does not protect data in transit, so organizations should still consider using Transport Layer Security (TLS) for email transmission.
Google’s client-side encryption for Gmail is currently in beta for Workspace and Education customers, and it is not yet clear when it will be widely available. In the meantime, it is important for organizations to consider their data security measures and ensure that they have the necessary protection in place to keep sensitive data safe.