Google announced Friday that client-side encryption for Gmail is in beta for workspace and education customers. This is part of an effort to secure emails sent through her web version of the platform.
This development comes at a time when online privacy and data security concerns are at an all-time high, and is a welcome change for users who value the privacy of their personal information.
Therefore, Google Workspace Enterprise Plus, Education Plus, and Education Standard customers must register for the beta by January 20, 2023. Not available for personal Google accounts.
“Gmail uses client-side encryption to prevent sensitive data in email bodies and attachments from being deciphered by Google servers,” the company said in a post. “Customers have control over and access to encryption keys and identity services.” is important.
Client-side encryption, as the name suggests, is a method of protecting data at rest. This allows companies to use their own encryption keys to encrypt data on Google services. Data is decrypted client-side using keys generated and managed by a cloud-hosted key management service.
Google’s opt-in feature allows administrators to set up an encryption key service through one of the company’s partners (provided by Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru) or to use client-side encryption. You have to build your own service using the API.
This protects your data from unauthorized access from servers, service providers, and so on. However, an organization or administrator can control the keys, monitor a user’s encrypted files, or revoke access to a user’s keys, even if the keys were generated by the user himself.
End-to-End Encryption (E2EE), on the other hand, means that information is encrypted on the sender’s device and can only be decrypted on the recipient’s device using a key known only to the sender and recipient. communication technology.
With that in mind, a new option (initially limited to her web browser) allows users to send and receive encrypted email inside and outside of their domain. Encryption covers the email body and attachments (including inline images), but not the subject line and recipient list.
His Gmail isn’t the only Google product with client-side encryption enabled. The tech giant enabled the same feature for Google Drive last year and for Google Meet in early August. A similar test of Google Calendar he ended on November 11, 2022. Google says the feature will be built into the Meet and Calendar mobile apps in a future release.
“Client-side encryption helps enforce data confidentiality while meeting a wide range of data sovereignty and compliance requirements,” the company added.