Google announced on Friday that client-side encryption for Gmail is now in beta for Workspace and school clients, as part of its efforts to safeguard emails sent over the platform’s web version.
This advancement comes at a time when concerns about internet privacy and data security are at an all-time high, making it a welcome shift for users who value the security of their personal information.
Customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard can apply to participate in the beta until January 20, 2023. Personal Google Accounts are not eligible.
“Using client-side encryption in Gmail ensures that sensitive data in the email body and attachments are indecipherable to Google servers,” the company wrote in a blog post. “Customers keep custody of encryption keys and the identity service that allows them to access those keys.”
It is critical to understand that the most recent precautions provided by Gmail differ from end-to-end encryption.
Client-side encryption, as the name implies, is a method of protecting data at rest. It enables businesses to encrypt data on Google services using their own cryptographic keys. The data is decrypted on the client side with keys produced and controlled by a cloud-based key management service.
Google’s new feature requires admins to either set up an encryption key service through one of the company’s partners Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru, or construct their own service using its client-side encryption API.
This ensures that the data is safe from unwanted access, even by the server or service provider. The organization or administrator, on the other hand, has control over the keys and can monitor users’ encrypted files or cancel a user’s access to the keys, even if they were generated by the user.
End-to-end encryption (E2EE) is a communication method in which information is encrypted on the sender’s device and can only be decrypted on the receiver’s device using a key known only to the sender and the recipient.
Having said that, the new feature, which is currently limited to the web browser, allows users to send and receive encrypted emails both within and outside of their domains. The email body and attachments, including inline images, are encrypted, but not the topic and recipient lists.
Gmail isn’t the only Google product that uses client-side encryption. Similar functionality was introduced for Google Drive last year and Google Meet earlier this August. A similar experiment for Google Calendar came to an end on November 11, 2022.
It’s worth mentioning that client-side encryption is supported by Google Drive apps for PC, Android, and iOS. Google stated that the feature will be implemented into the Meet and Calendar mobile apps in a future update.
“Client-side encryption helps increase the secrecy of your data while addressing a wide range of data sovereignty and compliance concerns,” the business continued.