What you need to know
- Google announces client-side encryption for Gmail (for web) in beta.
- It adds an extra layer of protection for sensitive data and attachments in an email.
- Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can request the beta until January 20, 2023.
Google has announced that it is extending Google Workspace client-side encryption for Gmail through a new beta program.
The search giant’s proprietary client-side encryption (CSE) is already available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). The company plans to extend it to Gmail for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. They are eligible to request the beta until January 20 next year, according to the Google Workspace announcement post.
When used in Gmail, the CSE promises to make the sensitive data in the email and attachments unreadable even by Google and its servers. Google says that “consumers can maintain control over encryption keys and the identity service to access those keys.”
That said, there are some limitations to what is actually coded. According to a support page, the email header – including subject, timestamps, and recipient lists – is not encrypted. Some features are also not supported with client-side encryption, such as Smart Compose, confidential mode, multi-send, emoji, and more. CSE is also only available in the mobile app for iOS and Android phones for now.
Still, it can be useful for organizations dealing with sensitive intellectual property. These can be highly industry-regulated companies, such as defense, government and financial companies.
- Chromebook Deals: walmart (opens in new tab) | Best Buy (opens in new tab) | Lenovo (opens in new tab) | PK (opens in new tab) | Amazon (opens in new tab)
Google says it is accepting beta requests from companies that want to try out the new CSE program in the coming weeks. Once accepted, the feature is disabled by default for administrators. They can be enabled at the domain, OU and group level by visiting Admin console > Security > Access and data management > Client-side encryption.
The end users can add the CSE to any message sent internally or externally through Gmail by clicking the new padlock icon next to the Cc and Bcc tags. It will show a new extra protection window with an “Enable” button. Users can then send their sensitive data in the body and attachments after enabling the feature and remain protected.