Google announced on Friday that the beta version of Gmail’s client-side encryption for Workspace and education customers is now available. This is part of Google’s ongoing effort to ensure the safety of emails sent via the web-based service.
Users who place a premium on the security of their personal information will likely welcome the change, which comes at a time when these issues have never been more in the spotlight.
Until January 20, 2023, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to join the beta. Individual Google accounts can’t use it.
According to a company blog post, “using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers.” Customer-controlled encryption keys and the corresponding identity service are never shared.
It’s important to understand that Gmail’s newest security features are distinct from end-to-end encryption.
Data at rest can be protected by using client-side encryption, as suggested by the name. Businesses can use their own cryptographic keys to encrypt their data stored in Google Drive. Keys are generated and managed by a cloud-based key management service, and the decryption takes place on the client side.
In order to use Google’s opt-in feature, administrators must either set up an encryption key service with one of Google’s partners (Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru) or create their own service utilizing Google’s client-side encryption API.
That means not even the server or the service provider can access the information without permission. Even if a user generates their own keys, the organization or administrator still has the ability to monitor the user’s encrypted files and revoke access to the keys.
What You Need To Know
- Google announces client-side encryption for Gmail (for web) in beta.
- It adds an extra layer of protection for sensitive data and attachments in an email.
- Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply for the beta until January 20, 2023.
Google has announced a new beta program to increase the availability of client-side encryption for Gmail within Google Workspace.
Drive, Docs, Sheets, Slides, Hangouts, and Calendar all support client-side encryption (CSE) from the search giant (beta). Customers of Google Workspace Enterprise Plus,
Google Workspace Education Plus and Google Workspace Education Standard will soon be able to use the feature in Gmail. According to the Google Workplace announcement post, they have until January 20, 2019, to apply for the beta.
When used with Gmail, the CSE promises to render the contents of the email body and any attachments unreadable to anyone, including Google and its servers. According to Google, “customers can keep their encryption keys and the identity service that they use to access them.”
Who Can Apply?
Gmail client-side encryption (CSE) beta is available to users with Google Workspace Enterprise Plus, Education Plus, or Education Standard, according to Google. You have until January 2023 to apply to join the beta test. Users must submit an application to participate in the Gmail CSE Beta Test, detailing their email address, Project ID, and test group domain.
Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers, do not yet have access to this feature. According to Google, the official release won’t happen until sometime in 2023.
According to Google, the client-side encryption option will be disabled by default. You can turn on client-side encryption on a per-domain, per-OU, and per-Group basis by going to the Admin console and selecting Security > Access and data control > Client-side encryption.
Content encryption with Google Workspace CSE is handled in the client’s browser prior to data transmission or storage in Google’s cloud. That way, your data will be secure from prying eyes and Google servers will be unable to access your encryption keys.