What you need to know
- Google announces client-side encryption for Gmail (for web) in beta.
- It adds an extra layer of protection for sensitive data and attachments in an email.
- Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply for the beta until January 20, 2023.
Google announced that it is expanding its Google Workspace’s client-side encryption for Gmail through a new beta program.
The search giant’s proprietary client-side encryption (CSE) is already available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). The company plans to expand it to Gmail for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. They are eligible to apply for the beta till January 20, next year, per the Google Workspace announcement post.
When utilized in Gmail, the CSE promises to make the sensitive data in the email body and attachments indecipherable to even Google and its servers. Google says that “consumers can retain control over encryption keys and the identity service to access those keys.”
That said, there are some limitations to what is actually encrypted. According to a support page, the email header — including subject, timestamps, and recipients lists — is not encrypted. Some features are also not supported with client-side encryption, such as Smart compose, confidential mode, multi-send, emoji, and more. CSE is also only available on the mobile app for iOS and Android phones for now.
Still, it can be beneficial for organizations handling sensitive intellectual property. Those can include highly industry-regulated firms like defense, government, and financial firms.
- Chromebook deals: Walmart (opens in new tab) | Best Buy (opens in new tab) | Lenovo (opens in new tab) | HP (opens in new tab) | Amazon (opens in new tab)
Google says it will accept beta applications from businesses willing to try out the new CSE program over the next several weeks. After acceptance, the feature will be turned off by default for Admins. They can be enabled at the domain, OU, and Group levels by heading to Admin console > Security > Access and data control > Client-side encryption.
The end-users can add the CSE to any message sent internally or externally via Gmail by clicking the new padlock icon right next to Cc and Bcc tags. It showcases a new additional protection window featuring a “Turn on” button. Users can then send their sensitive data in the body and attachments after enabling the feature and stay protected.