Google launches client-side encryption on Gmail web for businesses
Google has finally introduced client-side encryption for Gmail on the web. Users can get a taste of end-to-end encryption on the email client by applying for the beta version. The feature ensures that "sensitive" data and attachments in emails are unreadable to anyone, including Google. Workspace administrators can sign up for client-side encryption till January 20.
Why does this story matter?
Google Workspace apps are among the most-rated productivity tools in the world. The suite has a broad range of services including Gmail, the most popular email client. The company has decided to up the security angle of Gmail with the addition of client-side encryption. With more companies coming up with better security email options, Google's move is a timely one.
Encryption enhances the confidentiality of users' data
Google announced client-side encryption for Gmail web in a blog post. The beta version is only available for Google Workspace Enterprise Plus, Education Plus, and Education Standard. "Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs," said Google. Customers will have control over the encryption keys.
Workspace administrators will enable the feature
Client-side encryption will be disabled by default. Once Workspace administrators sign up for the beta program, they can enable the feature at the domain, OU, and Group levels. To enable the feature, admins can head to Admin console > Security > Access and data control > Client-side encryption. After the feature is enabled, Workspace users can use the feature to encrypt their emails.
Workspace users have to click on the padlock to encrypt
The end users can use client-side encryption by clicking on the lock button when they compose an email. After clicking on the lock button, they have to turn on 'Additional encryption.' The feature will be managed by Workspace admins. However, it can be used for more than intra-office communication. Users will be able to send emails outside their domain as well.
Google won't encrypt subject, timestamps, and recipients list
Apart from the email body and attachments, inline images will also be encrypted. However, the header of the email, including subject, timestamps, and recipients lists won't be protected. Using client-side encryption on Gmail web means giving up on certain features, including the ability to use an emoji, a signature, and Smart Compose. Client-side encryption will soon reach the Gmail app for Android and iOS.
What is the difference between client-side encryption and end-to-end encryption?
Client-side encryption isn't the same as end-to-end encryption. Although both mean encryption at the source and destination, client-side encryption gives Workspace admins the power to monitor users' encrypted files. They will also have access to encryption keys. Google launched client-side encryption for Drive last year. It is also available in Docs, Sheets, Slides, and Meet. Google Calendar has a beta version of client-side encryption.
